CVE-2025-1947
published 2025-03-04CVE-2025-1947: A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file…
PriorityP270critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.69%
90.6th percentile
A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hzmanyun | education_and_training_system | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.05.3MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6jf7-p33c-7gw9: A vulnerability classified as critical has been found in hzmanyun Education and Training System 2
ghsa_unreviewed·2025-03-04
CVE-2025-1947 [MEDIUM] CWE-74 GHSA-6jf7-p33c-7gw9: A vulnerability classified as critical has been found in hzmanyun Education and Training System 2
A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Red Hat
vim: Vim for Windows: Uncontrolled search path vulnerability allows arbitrary code execution
vendor_redhat·2025-12-02·CVSS 7.8
CVE-2025-66476 [HIGH] CWE-427 vim: Vim for Windows: Uncontrolled search path vulnerability allows arbitrary code execution
vim: Vim for Windows: Uncontrolled search path vulnerability allows arbitrary code execution
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
An uncontrolled search-path vulnerability in
No detection rules found.
No public exploits indexed.
2025-03-04
Published