Organization Portal System
CVE-2025-8909
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.
AnalysisAI
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-36. Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. Affected products include: Wellchoose Organization Portal System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Organization Portal System
View allLFI to RCE in IFTOP by WellChoose.
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated re
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote at
Reflected XSS in the Organization Portal System's IFTOP module enables authenticated attackers to inject malicious JavaS
WellChoose's IFTOP Organization Portal System contains an open redirect vulnerability that permits authenticated attacke
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthen
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthen
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today