CVE-2025-15446

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

02 Feb 2026, 07:16

Type	Values Removed	Values Added
CPE	cpe:2.3:a:seeyon:oa_web_application_system:1.0:::::::*
CVSS	v2 : ~~7.5~~ v3 : ~~7.3~~	v2 : unknown v3 : unknown
References	~~{'url': 'https://github.com/xiaozipang/CVE/issues/2', 'tags': ['Exploit', 'Issue Tracking', 'Third Party Advisory'], 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~ ~~{'url': 'https://vuldb.com/?ctiid.339479', 'tags': ['Permissions Required', 'VDB Entry'], 'source': 'cna@vuldb.com'}~~ ~~{'url': 'https://vuldb.com/?id.339479', 'tags': ['Third Party Advisory', 'VDB Entry'], 'source': 'cna@vuldb.com'}~~ ~~{'url': 'https://vuldb.com/?submit.721917', 'tags': ['Third Party Advisory', 'VDB Entry'], 'source': 'cna@vuldb.com'}~~
CWE	CWE-89 CWE-74
Summary	(en) A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a manipulation of the argument unitCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. Seeyon filed a report that this issue does not affect their product but might affect a product of another vendor.	(en) Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The researcher was not able to provide a proof for his disputed claim which is why the CNA decided to revoke the whole entry.

29 Jan 2026, 10:15

Type	Values Removed	Values Added
Summary	(en) A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a manipulation of the argument unitCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	(en) A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a manipulation of the argument unitCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. Seeyon filed a report that this issue does not affect their product but might affect a product of another vendor.

22 Jan 2026, 20:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:seeyon:oa_web_application_system:1.0:::::::*
References	~~() https://github.com/xiaozipang/CVE/issues/2 -~~	() https://github.com/xiaozipang/CVE/issues/2 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.339479 -~~	() https://vuldb.com/?ctiid.339479 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.339479 -~~	() https://vuldb.com/?id.339479 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.721917 -~~	() https://vuldb.com/?submit.721917 - Third Party Advisory, VDB Entry
First Time		Seeyon oa Web Application System Seeyon

05 Jan 2026, 22:15

Type	Values Removed	Values Added
References	~~() https://github.com/xiaozipang/CVE/issues/2 -~~	() https://github.com/xiaozipang/CVE/issues/2 -

04 Jan 2026, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-04 23:15

Updated : 2026-02-02 07:16

NVD link : CVE-2025-15446

Mitre link : CVE-2025-15446

CVE.ORG link : CVE-2025-15446

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-15446

Attach tags to `CVE-2025-15446`