CVE-2025-8852
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk27th percentile - higher than 27% of all known CVEs
Summary
In WuKongOpenSource WukongCRM 11.0, a vulnerability in the /adminFile/upload file of the API Response Handler component leads to information exposure through error messages. The attack can be performed remotely, and exploit details are publicly available.
Risk Assessment
The organization is at risk of leaking sensitive system information that could be used for further attacks or privilege escalation.
Recommendation
Immediately update WukongCRM to the latest version or apply temporary mitigations such as disabling detailed error messages in the API.
Original NVD description (English source)
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

