Unrated severityNVD Advisory· Published Jun 10, 2025· Updated Jun 10, 2025

CVE-2025-46612

Description

The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.

Affected products

Airleader/Master and Easydescription
Itrack/Easyllm-fuzzy
Range: <6.36
Airleader/Masterllm-fuzzy
Range: <6.36

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-036.txtmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000