Unrated severityNVD Advisory· Published Dec 5, 2025· Updated Dec 5, 2025
CVE-2025-65879
CVE-2025-65879
Description
Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Warehouse Management System/Warehouse Management Systemdescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.