CVE-2025-14253— Galaxy Software Services|Vitals ESP - Arbitrary File Read
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-14253
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Galaxy Software Services|Vitals ESP - Arbitrary File Read
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
绝对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Galaxy Software Services Vitals ESP 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Galaxy Software Services Vitals ESP是中国叡扬资讯(Galaxy Software Services)公司的一个用于办公的知识管理系统。 Galaxy Software Services Vitals ESP存在安全漏洞,该漏洞源于绝对路径遍历,可能导致任意文件读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Galaxy Software Services | Vitals ESP | 0 ~ 6.3 | - |
II. Public POCs for CVE-2025-14253
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-14253
请登录查看更多情报信息。
Same Patch Batch · Galaxy Software Services · 2025-12-08 · 3 CVEs total
| CVE-2025-14255 | 6.5 MEDIUM | Galaxy Software Services|Vitals ESP - SQL Injection |
| CVE-2025-14254 | 6.5 MEDIUM | Galaxy Software Services|Vitals ESP - SQL Injection |
IV. Related Vulnerabilities
Same product: Vitals ESP
- CVE-2026-4640
Galaxy Software Services|Vitals ESP - Missing Authentication - CVE-2026-4639
Galaxy Software Services|Vitals ESP - Incorrect Authorizatio - CVE-2025-14255
Galaxy Software Services|Vitals ESP - SQL Injection - CVE-2025-14254
Galaxy Software Services|Vitals ESP - SQL Injection - CVE-2025-31342
Galaxy Software Services Vitals ESP Forum Module - Unrestric
Same vendor: Galaxy Software Services
- CVE-2026-4640
Galaxy Software Services|Vitals ESP - Missing Authentication - CVE-2026-4639
Galaxy Software Services|Vitals ESP - Incorrect Authorizatio - CVE-2025-14255
Galaxy Software Services|Vitals ESP - SQL Injection - CVE-2025-14254
Galaxy Software Services|Vitals ESP - SQL Injection - CVE-2023-41357
Galaxy Software Services Vitals ESP - Arbitrary File Upload
Same weakness: CWE-36
- CVE-2026-6418
PaperCut NG/MF: Path Traversal in Shared Account Synchroniza - CVE-2026-44029
Nix 安全漏洞 - CVE-2026-7217
Deepractice PromptX Document File index.ts read_pdf absolute - CVE-2026-34515
AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in - CVE-2026-4373
JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File R
V. Comments for CVE-2025-14253
No comments yet