CVE-2025-1982— Local File Inclusion in Ready_

EPSS 0.25% · P48 Updated Apr 17, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-1982

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Local File Inclusion in Ready_

Source: NVD (National Vulnerability Database)

Vulnerability Description

Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对外部实体的文件或目录可访问

Source: NVD (National Vulnerability Database)

Vulnerability Title

Symfonia Ready_ 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Symfonia Ready_是Symfonia公司的一个为公司构建程序的操作系统，可以使用现成的模块和业务应用程序。 Symfonia Ready_存在安全漏洞，该漏洞源于附件上传面板允许本地文件包含，可能导致系统文件内容泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Symfonia	Ready_	7.0.0.0 ~ 7.19.39.23	-

II. Public POCs for CVE-2025-1982

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-1982

请登录查看更多情报信息。

https://ready-os.com/pl/product
https://cert.pl/posts/2025/04/CVE-2025-1980third-party-advisory
Vulnerabilities in Symfonia Ready_ software | CERT Polskathird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-1982

Same Patch Batch · Symfonia · 2025-04-16 · 4 CVEs total

CVE-2025-1981		SQL Injection in Ready_
CVE-2025-1980		Remote Code Execution via Unrestricted File Upload in Ready_
CVE-2025-1983		Stored Cross-Site Scripting in Ready_

IV. Related Vulnerabilities

Same product: Ready_

Same vendor: Symfonia

Same weakness: CWE-552

V. Comments for CVE-2025-1982

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-1982— Local File Inclusion in Ready_

I. Basic Information for CVE-2025-1982

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-1982

III. Intelligence Information for CVE-2025-1982

Same Patch Batch · Symfonia · 2025-04-16 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-1982

Leave a comment