CVE-2025-54945 CRITICAL

CVE-2025-54945: SUNNET Corporate Training Management System - External Control of File Name or Path

Vendor Sunnet Technology Co., Ltd.
Product Corporate Training Management System
Weakness CWE-73
Published August 30, 2025
Last update January 30, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

Key dates

02Disclosure timeline

August 30, 2025 CVE published
January 30, 2026 Record updated