CVE-2025-54945
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-30
Last updated on: 2025-09-25
Assigner: ZUSO Advanced Research Team (ZUSO ART)
Description
Description
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sun.net | ehrd_ctms | to 10.11 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an external control of file name or path issue in the SUNNET Corporate Training Management System before version 10.11. It allows remote attackers to execute arbitrary system commands by controlling the destination file path through a malicious file.
How can this vulnerability impact me? :
This vulnerability can allow remote attackers to execute arbitrary system commands on the affected system without any privileges or user interaction, potentially leading to full system compromise, data loss, or unauthorized access.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70