What the vulnerability does
01Description
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
CVSS base score
8.7/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
December 29, 2025
CVE published
December 29, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-58429 AutomationDirect Productivity Suite Relative Path Traversal
CVE-2022-38202 BUG-000152121 - Directory traversal vulnerability in ArcGIS Server.
CVE-2024-0335 Malformed Packet Handling
CVE-2025-59835 LangBot has a cross-directory file upload vulnerability, which could lead to system takeover
CVE-2025-23011 Fedora Repository archive extraction path traversal
