cvedb.io
CVE-2025-65897
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2025-12-05T16:15:50.913 · Last modified 2026-06-17T09:56:04.943

Summary

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.

Affected products

zhaoyachao — zdh_web

Does this affect you?

Add your gear to cvedb and we'll alert you only when zhaoyachao ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.