CVE-2025-15227

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Vulnerability Details

Published Date

December 29, 2025

Last Modified

December 31, 2025

CWE ID

CWE-36

Source

NVD

Vendor

welltend

Product

bpmflowwebkit

External References

https://www.twcert.org.tw/en/cp-139-10605-426b6-2.html
https://www.twcert.org.tw/tw/cp-132-10604-c65aa-1.html

CVE-2025-15227

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment