CVE-2025-8909

Medium CVSS 6.5

Overview

Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.

CWE: CWE-36 Published: 2025-08-13T09:15:29.723

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.5 (MEDIUM)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags