Medium severity6.3NVD Advisory· Published Aug 29, 2025· Updated Apr 29, 2026
CVE-2025-9602
CVE-2025-9602
Description
A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/rainrocka/xinhu/issues/9nvdExploitIssue TrackingVendor Advisory
- github.com/rainrocka/xinhu/issues/9nvdExploitIssue TrackingVendor Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.