CVE-2025-11221
CVE-2025-11221
9.4
CriticalPublished:
Last updated:
Source:09832df1-09c1-45b4-8a85-16c601d30feb
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- High
- Availability (Subsequent)
- High
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs.This issue affects ChangeFlow: from All versions through v9.0.1.1.
References
09832df1-09c1-45b4-8a85-16c601d30feb
http://www.gtone.co.kr/kr/application-lifecycle-management.php