CVE-2025-8852

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
VulDBCNA
4.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
5kcrmwukongcrm
11.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26
https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26#issue-3272864284
https://vuldb.com/?ctiid.319383
https://vuldb.com/?id.319383
https://vuldb.com/?submit.624693
https://github.com/WuKongOpenSource/WukongCRM-11.0-JAVA/issues/26