CVE-2025-4281

High PUBLISHED

Shenzhen Sixun Software Sixun Shanghui Group Business Management System LoadData information disclosure

Shenzhen Sixun Software · Sixun Shanghui Group Business Management System

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
5.3 Medium

At a Glance

A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine problematische Schwachstelle in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Datei /api/GylOperator/LoadData. Mittels dem Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVE Published
May 05, 2025
Exploitation Reported
May 05, 2025
CVSS
5.3 Medium
EPSS
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Shenzhen Sixun Software
Sixun Shanghui Group Business Management System

7

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.