2026-02-23 20:02 | CVE-2026-3025 | VulDB
PUBLISHED | 5.2 | CWE-434 | CWE-284

ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload

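A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. It affects unspecified functionality in the file /MP/Service/Webservice/ExampleNodeService.asmx. Manipulating the argument File can lead to unrestricted file upload. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The record's CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) rates the issue as reachable over the network without privileges or user interaction, and the record lists no fixed version, so the available mitigations are restricting network access to this endpoint and reviewing the platform's upload locations for unexpected files.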

Problem type

Affected products

ShuoRen

Smart Heating Integrated Management Platform

1.0.0 - AFFECTED

References

GitHub Security Advisories

GHSA-pfjc-cfqc-87f5

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by...

https://github.com/advisories/GHSA-pfjc-cfqc-87f5

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3025
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3025",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-23T20:02:07.178Z",
    "dateReserved": "2026-02-23T13:59:09.845Z",
    "datePublished": "2026-02-23T20:02:07.178Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-23T20:02:07.178Z"
      },
      "title": "ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "ShuoRen",
          "product": "Smart Heating Integrated Management Platform",
          "versions": [
            {
              "version": "1.0.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Unrestricted Upload",
              "cweId": "CWE-434",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Access Controls",
              "cweId": "CWE-284",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.347381",
          "name": "VDB-347381 | ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.347381",
          "name": "VDB-347381 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.756376",
          "name": "Submit #756376 | 北京硕人时代科技股份有限公司 北京硕人时代智慧供热平台 1.0.0 未登录下文件上传以及下载",
          "tags": [
            "third-party-advisory"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 7.3,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 7.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-23T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-23T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-23T15:04:31.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "zsmaaa (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}