CVE Catalog

CVE-2025-52237

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile - higher than 36% of all known CVEs

Summary

In SSCMS version 7.3.1, the component /stl/actions/download?filePath is vulnerable to directory traversal. This allows an attacker to read arbitrary files outside the intended directory.

Risk Assessment

An attacker can gain unauthorized access to sensitive configuration files, user data, or source code, leading to information disclosure and potential escalation of attacks.

Recommendation

Immediately update SSCMS to the latest version that fixes this vulnerability. Until then, restrict access to the /stl/actions/download component via firewall rules or authentication.

Original NVD description (English source)

An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS