CVE-2025-9401
LOWDescription
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| utcms_project | utcms |
References
Frequently Asked Questions
What is CVE-2025-9401? +
How severe is CVE-2025-9401? +
What products are affected by CVE-2025-9401? +
How do I check if I'm vulnerable to CVE-2025-9401? +
Related Vulnerabilities
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of …
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated …
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. …
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to …
In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit …
NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows …