CVE-2025-9570 MEDIUM

CVE-2025-9570: Sunnet｜eHRD CTMS - Arbitrary File Reading through Path Traversal

Vendor Sunnet

Product eHRD CTMS

Weakness CWE-23

Published September 1, 2025

Last update September 2, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.

Key dates

02Disclosure timeline

September 1, 2025 CVE published

September 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9570

Related vulnerabilities

CVE-2025-9570: Sunnet｜eHRD CTMS - Arbitrary File Reading through Path Traversal

01Description

02Disclosure timeline

03References

04Related CVE