CVE-2025-3551 - Vulnerability Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-10864	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Mon, 05 May 2025 12:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284 CWE-434
References	https://github.com/666lail/report/blob/main/tmp/fileUpload_1.md https://vuldb.com/?ctiid.304592 https://vuldb.com/?id.304592 https://vuldb.com/?submit.547878
Metrics	cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Mon, 05 May 2025 12:15:00 +0000

Type	Values Removed	Values Added
Title	Lingxing ERP FileUpload.ashx DoUpload unrestricted upload
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 05 May 2025 11:45:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment.	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.
Metrics	cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Fri, 25 Apr 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment.

Mon, 14 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 14 Apr 2025 04:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Lingxing ERP FileUpload.ashx DoUpload unrestricted upload
Weaknesses		CWE-284 CWE-434
References		https://github.com/666lail/report/blob/main/tmp/fileUpload_1.md https://vuldb.com/?ctiid.304592 https://vuldb.com/?id.304592 https://vuldb.com/?submit.547878
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: VulDB

Published: 2025-04-14T04:31:04.486Z

Updated: 2025-05-05T11:25:11.296Z

Reserved: 2025-04-13T22:13:58.107Z

Link: CVE-2025-3551

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-04-14T05:15:15.330

Modified: 2025-05-05T12:15:16.923

Link: CVE-2025-3551

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object