High severity7.5NVD Advisory· Published Oct 28, 2025· Updated Apr 15, 2026

CVE-2025-60805

Description

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bes.comnvd
www.bessystem.com/appserver/dtds/bes-web-app_2_5-0.dtdnvd
gist.github.com/Liu2000622/7a6294f7421ef50c378a456ca9494714nvd
www.bessystem.com/product/0ad9b8c4d6af462b8d15723a5f25a87d/infonvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000