VYPR
Low severity 3.5 · NVD Advisory · Published Sep 12, 2025 · Updated Apr 29, 2026

CVE-2025-10273

Description

A vulnerability was identified in erjinzhi 10OA 1.0. It affects unknown functionality in the file /view/file.aspx. Manipulating the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Path traversal vulnerability in erjinzhi 10OA 1.0 via /view/file.aspx allows unauthenticated attackers to read arbitrary files, such as Windows configuration files.

A path traversal vulnerability exists in the file.aspx endpoint of erjinzhi 10OA version 1.0. The root cause is insufficient validation and sanitization of the 'File' query parameter, allowing directory traversal sequences like ../ to be processed without restriction [1].

The vulnerability can be exploited by sending a crafted GET request to /view/file.aspx with a malicious File parameter. No authentication is required, making the attack accessible to any remote attacker. An example payload includes ../../../../../../../../../../../../../../windows/win.ini to read the Windows system configuration file [1].

Successful exploitation allows an attacker to read arbitrary files on the server, including sensitive configuration files, credentials, and log data. This could lead to further compromise if combined with other vulnerabilities, as the attacker gains insight into the system's internal structure [1].

As of the disclosure date, the vendor has not responded to the report, and no patch is available. Users should consider mitigating controls such as web application firewall rules to block path traversal patterns [1].
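With no patch available, reviewing web server logs for the request pattern described above is a practical complement to a WAF rule. The following is an added example, not code from the advisory or the vendor: it scans IIS W3C log lines for requests to /view/file.aspx whose File argument contains a ".." path segment after repeated percent-decoding. The log field layout and the sample lines are constructed assumptions.

```python
from urllib.parse import parse_qsl, unquote

ENDPOINT = "/view/file.aspx"  # endpoint named in the advisory
PARAM = "file"                # the 'File' argument, compared case-insensitively

# Constructed sample in IIS W3C format; the field list is an assumption, adjust to your logs.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-09-12 10:00:01 GET /view/file.aspx File=report.pdf 192.0.2.10 200
2025-09-12 10:00:05 GET /view/file.aspx File=../../../../windows/win.ini 198.51.100.7 200
2025-09-12 10:00:09 GET /View/File.aspx file=..%5c..%5cwindows%5cwin.ini 198.51.100.7 200
2025-09-12 10:00:12 GET /view/file.aspx File=%252e%252e%252fwindows%252fwin.ini 198.51.100.7 404
2025-09-12 10:00:20 GET /index.aspx q=../x 192.0.2.10 200
2025-09-12 10:00:25 GET /view/file.aspx File=notes..v2.txt 192.0.2.10 200
"""

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double-encoded input (%252e) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment is '..' after decoding, with '/' or '\\' as separator."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")

def scan_iis_log(text):
    """Return (client_ip, status, File value) for each suspicious request to ENDPOINT."""
    fields, hits = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        for key, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            if key.lower() == PARAM and is_traversal(value):
                hits.append((row.get("c-ip"), row.get("sc-status"), value))
    return hits

if __name__ == "__main__":
    for ip, status, value in scan_iis_log(SAMPLE_LOG):
        print(f"{ip} status={status} File={value!r}")
```

Matching on whole ".." segments rather than the substring keeps a legitimate name such as notes..v2.txt from being flagged.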

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.

References

4
