CVE-2025-63695

Published Nov 18, 2025

Last updated 5 months ago

CVSS critical 9.8

Overview

Description
DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php.
Source
cve@mitre.org
NVD status
Analyzed
Products
dzzoffice

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-434

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and execute arbitrary JavaScript code when the victim opens the editing pop-up.CVE-2025-63693
  2. DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.CVE-2025-63694
  3. dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.CVE-2024-41376
  4. There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.CVE-2024-29273

References

Sources include official advisories and independent security research.