CVE-2025-11318

A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the argument File results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Oct 6, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-11318
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-284
CWE-434

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
tipray / data_leakage_prevention_system	1.0	1.0.x

https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-10.md
https://vuldb.com/?ctiid.327199
https://vuldb.com/?id.327199
https://vuldb.com/?submit.663517

Vulnerability Database

CVE-2025-11318

Deep Security Visibility Without the Complexity