CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-54945

CVSS 10.0v4.0pub. 2025-08-30upd. 2026-01-30

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

🤖 AI Analysis
How it works

The vulnerability (CWE-73 — External Control of File Name or Path) is based on the application allowing an external attacker to control the target path of a saved file. By uploading a specially crafted file and specifying any target path, an attacker can place a malicious file anywhere in the server's file system. Subsequently, it is possible to execute this file as a system command, leading to full RCE — without the need for any privileges or user interaction.

Impact

An attacker gains the ability to execute arbitrary system commands on the server, which in practice means complete takeover of the system, possibility of data theft, installation of a backdoor, or lateral movement within the internal network.

Mitigation & patch

SUNNET Corporate Training Management System should be immediately updated to version 10.11 or newer. Details are available in the vendor references and in advisory ZA-2025-13 published by ZUSO AI (https://zuso.ai/advisory/za-2025-13). Until the patch is applied, it is recommended to restrict network access to the system or isolate it behind a firewall.

Who is affected

SUNNET Corporate Training Management System (Sun.Net Ehrd Ctms) in versions before 10.11

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Sun.net Ehrd Ctms

    APP
    Sun.Net
    < 10.11
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-54942CRITICAL9.3PL ✓ten sam produkt

Brak uwierzytelnienia w SUNNET CTMS — dostęp do funkcji wdrożeniowych

CVE-2025-54943CRITICAL9.3PL ✓ten sam produkt

Brak autoryzacji w SUNNET CTMS umożliwia nieautoryzowane wdrożenie aplikacji

CVE-2025-54946CRITICAL9.3PL ✓ten sam produkt

SQL Injection w SUNNET Corporate Training Management System

CVE-2024-10440CRITICAL9.8PL ✓ten sam produkt

SQL Injection w eHDR CTMS (Sunnet) umożliwia nieautoryzowany dostęp do bazy

CVE-2026-7489HIGH8.7ten sam produkt

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject ...