CVE-2025-9401

A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/August829/Yu/blob/main/20250811_2.md	Broken Link
https://github.com/August829/Yu/blob/main/20250811_2.md#poc	Broken Link
https://vuldb.com/?ctiid.321237	Permissions Required VDB Entry
https://vuldb.com/?id.321237	Third Party Advisory VDB Entry
https://vuldb.com/?submit.632536	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:utcms_project:utcms:9.0:*:*:*:*:*:*:*

History

31 Oct 2025, 13:58

Type	Values Removed	Values Added
First Time		Utcms Project Utcms Project utcms
CPE		cpe:2.3:a:utcms_project:utcms:9.0:::::::*
References	~~() https://github.com/August829/Yu/blob/main/20250811_2.md -~~	() https://github.com/August829/Yu/blob/main/20250811_2.md - Broken Link
References	~~() https://github.com/August829/Yu/blob/main/20250811_2.md#poc -~~	() https://github.com/August829/Yu/blob/main/20250811_2.md#poc - Broken Link
References	~~() https://vuldb.com/?ctiid.321237 -~~	() https://vuldb.com/?ctiid.321237 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.321237 -~~	() https://vuldb.com/?id.321237 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.632536 -~~	() https://vuldb.com/?submit.632536 - Third Party Advisory, VDB Entry

25 Aug 2025, 20:24

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en HuangDou UTCMS 9. Esta vulnerabilidad afecta al código desconocido del archivo app/modules/ut-frame/admin/login.php del componente Login. Esta manipulación del código del argumento provoca una comparación incorrecta. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

25 Aug 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-25 01:15

Updated : 2025-10-31 13:58

NVD link : CVE-2025-9401

Mitre link : CVE-2025-9401

CVE.ORG link : CVE-2025-9401

JSON object : View

Products Affected

utcms_project

utcms

CWE

CWE-697

Incorrect Comparison

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2025-9401

3.7^/10

2.6^/10

Attach tags to `CVE-2025-9401`