从网页截图中可以获取以下关于漏洞的关键信息: TVN ID: TVN-202512008 CVE ID: - CVE-2025-15225 - CVE-2025-15226 CVSS: - CVE-2025-15225: 7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - CVE-2025-15226: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: WMPro from version 5.0 to 5.2 Description: - CVE-2025-15225: WMPro has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files. - CVE-2025-15226: WMPro has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. Solution: Contact the vendor to install patches and adjust system settings. Credit: Cyku Hong (DEVCORE) Public Date: 2025-12-29 Links: 1. [CVE-2025-15225][link1] 2. [CVE-2025-15226][link2] [link1]: "CVE-2025-15225" [link2]: "CVE-2025-15226"