Browse all 3 CVE security advisories affecting iworks. AI-powered Chinese analysis, POCs, and references for each vulnerability.
iworks is a document management system designed for handling and organizing digital files across organizations. Historically, vulnerabilities in iworks have included remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control flaws. The product has accumulated three CVEs, highlighting ongoing security challenges. While no major public incidents have been widely reported, the presence of multiple CVEs suggests potential risks for organizations relying on the platform. Users should prioritize timely patching and harden configurations to mitigate known vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12960 | Simple CSV Table <= 1.0.1 - Directory Traversal to Authenticated (Contributor+) Arbitrary File Read — Simple CSV TableCWE-22 | 6.5 | Medium | 2025-12-12 |
| CVE-2025-12538 | Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting — Fleet ManagerCWE-79 | 4.4 | Medium | 2025-11-11 |
| CVE-2024-8967 | PWA — easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — PWA — easy way to Progressive Web AppCWE-79 | 6.4 | Medium | 2024-10-02 |
This page lists every published CVE security advisory associated with iworks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.