CVE-2025-34040

High PUBLISHED

Seeyon Zhiyuan OA System Path Traversal File Upload

Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.) · Zhiyuan OA Web Application System

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
10.0 Critical

At a Glance

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-01 UTC.

nuclei_scanner
CVE Published
Jun 24, 2025
Exploitation Reported
Jun 24, 2025
CVSS
10.0 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

5.0

Affected
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

5.1 to <= 5.6sp1

Affected
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

6.0 to <= 6.1sp2

Affected
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

7.0

Affected
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

7.0sp1 to <= 7.1

Affected
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

7.1sp1

Affected
Seeyon (Beijing Zhiyuan Internet Software Co., Ltd.)
Zhiyuan OA Web Application System

8.0 to <= 8.0sp2

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.