CVE Catalog

CVE-2025-8852

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

In WuKongOpenSource WukongCRM 11.0, a vulnerability in the /adminFile/upload file of the API Response Handler component leads to information exposure through error messages. The attack can be performed remotely, and exploit details are publicly available.

Risk Assessment

The organization is at risk of leaking sensitive system information that could be used for further attacks or privilege escalation.

Recommendation

Immediately update WukongCRM to the latest version or apply temporary mitigations such as disabling detailed error messages in the API.

Original NVD description (English source)

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS