CVE-2025-52237
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk36th percentile - higher than 36% of all known CVEs
Summary
In SSCMS version 7.3.1, the component /stl/actions/download?filePath is vulnerable to directory traversal. This allows an attacker to read arbitrary files outside the intended directory.
Risk Assessment
An attacker can gain unauthorized access to sensitive configuration files, user data, or source code, leading to information disclosure and potential escalation of attacks.
Recommendation
Immediately update SSCMS to the latest version that fixes this vulnerability. Until then, restrict access to the /stl/actions/download component via firewall rules or authentication.
Original NVD description (English source)
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.

