VYPR
Medium severity 5.3 · NVD Advisory · Published Apr 1, 2025 · Updated Apr 15, 2026

CVE-2025-3043

Description

A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In PersonManage 1.0, the /login/ preHandle function lacks proper access control, enabling unauthenticated, remote path traversal attacks.

Root Cause

A path traversal vulnerability exists in the preHandle function of the /login/ endpoint in PersonManage 1.0. The function fails to validate or sanitize the Request argument, allowing an attacker to manipulate it and traverse directories outside the intended web root [1][2].

Exploitation

This flaw can be triggered remotely without authentication. An attacker sends a specially crafted HTTP request to the /login/ path, injecting path traversal sequences (such as ../) into the Request argument. No special privileges or network proximity are required beyond the ability to reach the application [1][2].

Impact

Successful exploitation enables an unauthenticated attacker to read arbitrary files from the server's filesystem. This can expose sensitive configuration files, credentials, or other data stored outside the public web directory. The vulnerability has been publicly disclosed, making exploitation more likely [1][2].

Mitigation

The product follows a rolling release model, and no specific patched version is available. Users should monitor the repository for updates and consider implementing input validation and access controls on the /login/ endpoint as temporary workarounds [1][2].
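One way to express the input-validation workaround, and to review access logs for requests that start under /login/ but resolve elsewhere, is sketched below. It is an added example, not PersonManage code or part of the advisory; the function names, the decode-round limit and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

PREFIX = "/login/"        # endpoint named in the advisory
MAX_DECODE_ROUNDS = 3     # assumption: enough to unwrap nested percent-encoding

def fully_decode(path: str) -> str:
    """Percent-decode until stable so nested encodings of '..' are exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")   # treat backslash as a separator too

def escapes_login(target: str) -> bool:
    """True if the request target starts under /login/ but resolves outside it."""
    path = fully_decode(urlsplit(target).path)
    if not path.startswith(PREFIX):
        return False
    resolved = posixpath.normpath(path)          # collapses '.' and '..' segments
    return not (resolved + "/").startswith(PREFIX)

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not taken from a real system
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "GET /login/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Apr/2025:10:00:02 +0000] "POST /login/doLogin?user=a HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Apr/2025:10:00:05 +0000] "GET /login/../internal/page HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Apr/2025:10:00:06 +0000] "GET /login/%252e%252e/internal/page HTTP/1.1" 200 900',
    '203.0.113.7 - - [01/Apr/2025:10:00:09 +0000] "GET /static/app.js HTTP/1.1" 200 4096',
]

def flag_requests(lines):
    """Return the request targets in access-log lines that escape /login/."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and escapes_login(match.group(1)):
            hits.append(match.group(1))
    return hits

if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("suspicious:", target)
```

The same `escapes_login` check can sit in a reverse proxy or request filter in front of the application to reject such targets before they reach preHandle.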

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.
