CVE-2025-65897

Source
https://cve.org/CVERecord?id=CVE-2025-65897
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65897.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65897
Published
2025-12-05T16:15:50.913Z
Modified
2025-12-14T04:48:50.815795Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb through 5.6.17, the application does not sufficiently validate file upload paths, which allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.

References

Affected packages

Git / github.com/zhaoyachao/zdh_web

Affected ranges

Type
GIT
Repo
https://github.com/zhaoyachao/zdh_web
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65897.json"
vanir_signatures
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2548.0,
            "function_hash": "91768577363065894685209461253109520989"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-0d9e76cb",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "check_spark_sql_blood_source",
            "file": "src/main/java/com/zyc/zdh/job/CheckBloodSourceJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "199181650342371745073026715696162415178",
                "174996342148892350554278450531960167474",
                "144119033017983154445155306985969644366",
                "100680749018130059350351804718394403421",
                "149307315187287824614794455151165617055",
                "265116248976669993071164280490275059640",
                "283895892354576646823176836025250296533",
                "237753621820296420006996330180087350178",
                "249802354329459554565947398974740262809",
                "54959120002130490648751249006070852361",
                "12403742264417137375483531035443618932",
                "292290085775234270688279371660680638445",
                "87387189205344804696582460896464409936",
                "228236045168746193158352998138980661461",
                "192395895349229251042971538078808304502"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-155964e6",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/job/JobCommon2.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2622.0,
            "function_hash": "241932710999546682221941911044307532385"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-21c61155",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "etl_task_ssh_add",
            "file": "src/main/java/com/zyc/zdh/controller/ZdhSshController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2803.0,
            "function_hash": "312899998740382465115727752436336399636"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-30ea23fe",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "sql_task_update",
            "file": "src/main/java/com/zyc/zdh/controller/ZdhSshController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "274880489556645493808002368380863650987",
                "62911430252308474501215073894732725811",
                "240727846985810634160932113366782861584",
                "240970103471839171503971756878865554280",
                "117267850668493201769606642566244977113",
                "170328621582340061313929246559948743162",
                "142422681462161490741389529542747586060",
                "233805056024764256728627144894480093285",
                "38729749502139555260112044460335760299",
                "198580948145556371982579732900379677031",
                "229481074960054432842691845362969126974",
                "287298593591212822654850502645437992683",
                "178735145500479700124072200690667117201",
                "133571987936870099650144786818544672661",
                "103383719565015992676297671447075830940",
                "311365712124261377152153437143334589700",
                "131075533680107449878548608530827995402",
                "248030852124312772936994125748929897792",
                "279104169742496648373566517388679656171",
                "328614396831455103404337812982966625918"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-326435b6",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/controller/ZdhEtlController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1353.0,
            "function_hash": "141195301934218566594334465518706718848"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-35080d85",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "alarm",
            "file": "src/main/java/com/zyc/zdh/job/EmailJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 5191.0,
            "function_hash": "119067967217784722671430820377373540439"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-37d5f972",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "run",
            "file": "src/main/java/com/zyc/zdh/run/SystemCommandLineRunner.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "243033707221299297684966619967731785414"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-382e3def",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/util/StringUtils.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2023.0,
            "function_hash": "109350967200158719311160034837740391119"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-5445cf8d",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "datax_auto_exec",
            "file": "src/main/java/com/zyc/zdh/job/JobCommon2.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 6095.0,
            "function_hash": "148043019822503507937966451578136855257"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-5c660464",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "killJobGroup",
            "file": "src/main/java/com/zyc/zdh/run/SystemCommandLineRunner.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "326621618246474996024011249279085265526",
                "294147445049250182663913470216807485843",
                "35629527455163272227642621785272698856",
                "227887739880358786491383429214247590971",
                "145422476922634584502504041753812668851",
                "8235443499984060655165225612063433651"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-636484e1",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/job/SetUpJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2541.0,
            "function_hash": "36879146686249545599924458611390482443"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-6edb448b",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "check_sql_blood_source",
            "file": "src/main/java/com/zyc/zdh/job/CheckBloodSourceJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "267013007652105403620016465308253681876",
                "46868270138588676211085879572462980368",
                "226029408587185382919068353104476507483",
                "238628259295233085958700473388634428138",
                "267013007652105403620016465308253681876",
                "294832586277367606638593201589456517414",
                "99639950321874537078776702114773067532",
                "8489616785769265547617270105785503864",
                "184137382865747980470730396707833193980"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-7179b10c",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/controller/ZdhSshController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "207701671262117183804269583938832508702",
                "162764858979952096805950261285405719694",
                "243903050134323711684016253040146146593",
                "329461718386657974486226368439929949343",
                "339290029473793132335006775399325678828",
                "242504803584655892168167532468839755795",
                "166067262154598811950812223689224338952",
                "230483159762847434287665048012076249524",
                "267013007652105403620016465308253681876",
                "46868270138588676211085879572462980368",
                "226029408587185382919068353104476507483",
                "238628259295233085958700473388634428138"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-74230a92",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/controller/digitalmarket/CrowdFileController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 3764.0,
            "function_hash": "199046330030950750303136130914041065715"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-76264b49",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "ssh_exec",
            "file": "src/main/java/com/zyc/zdh/job/JobCommon2.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 686.0,
            "function_hash": "31802486327427967747173359195232873690"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-766ed738",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "Check",
            "file": "src/main/java/com/zyc/zdh/job/CheckBloodSourceJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2324.0,
            "function_hash": "156481057884395387258694093608777665759"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-90bb4476",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "alarm",
            "file": "src/main/java/com/zyc/zdh/job/EmailJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 3973.0,
            "function_hash": "156541463166034262389983064313038632595"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-91b9f96d",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "crowd_file_add",
            "file": "src/main/java/com/zyc/zdh/controller/digitalmarket/CrowdFileController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1300.0,
            "function_hash": "152337680346341565627216802363245519392"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-93882d51",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "etl_task_add_file",
            "file": "src/main/java/com/zyc/zdh/controller/ZdhEtlController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2138.0,
            "function_hash": "279887373953509735497362394436106215399"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-949b6461",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "run",
            "file": "src/main/java/com/zyc/zdh/job/JobBeaconFire.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "56220266665286576340044977445390694543",
                "256769870282960420029241948370658651881",
                "6064259068430634614398713649219099556",
                "330238558475733388038996042371696299337",
                "185263008720688043811323532530345839724",
                "233606393416808267742282502457691126293"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-94d5b6b1",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/push/impl/AliMessagePush.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 3743.0,
            "function_hash": "200962619155431998601930972835604867953"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-9cf8318f",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "taskLogInstanceAlarm",
            "file": "src/main/java/com/zyc/zdh/job/EmailJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 782.0,
            "function_hash": "53709455547030465164454734466503998812"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-9eada504",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "send",
            "file": "src/main/java/com/zyc/zdh/push/impl/AliMessagePush.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "42497008913360171390350247905090408795",
                "91055129166070111904003467084487131705",
                "48499178129178015774317943308497947252",
                "111883991207981441409415604926015976934"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-a66c9a45",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/run/SystemCommandLineRunner.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 4322.0,
            "function_hash": "248220825063532368895752142089269512019"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-a95b2946",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "etl_task_unstructure_upload",
            "file": "src/main/java/com/zyc/zdh/controller/ZdhUnstructureController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "283538657269602016301315199168496832560",
                "254830071296632572179135467816209995172",
                "150809149312952752473197905937893307343",
                "1430501027088213713308888399842104366"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-b00e09b2",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/job/JobBeaconFire.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "309700966604582892223145473575004682983",
                "144732360189893211039259620997987440390",
                "239171962192444077363514650897828304445",
                "263924906487501673165836460898674907068",
                "146234643051209671216214670404915979097",
                "157068236144078886753405459577985053534",
                "221209229693375222319244801017996345379",
                "333098634142867937528443044495412652562",
                "146234643051209671216214670404915979097",
                "157068236144078886753405459577985053534",
                "221209229693375222319244801017996345379",
                "333098634142867937528443044495412652562"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-c9105ca7",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/job/EmailJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "179136798656344141920006958228590036987",
                "75834611357441308034542105181329745803",
                "321049658485168788876676139436656955797",
                "190678913279121945096214879092386301335",
                "111860686459939763453589268669720678909",
                "123034207979083999122733592582374831073",
                "28194269107990256454137439234046607250",
                "33711763019024557891631966690074629701",
                "242702803934472817881209573001619323935",
                "233335327799458705233431986866093943925",
                "89458093792846368014960855930294231020",
                "330850558943610587352978792976818707039",
                "63285444335057547561956890163872573220"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-d762bc70",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/job/CheckBloodSourceJob.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "110899207881765389880467233257420935197",
                "2330505186948257226676986426724891905",
                "138780290992092831915411809533355000735",
                "238628259295233085958700473388634428138"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-65897-de92d76d",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "file": "src/main/java/com/zyc/zdh/controller/ZdhUnstructureController.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2071.0,
            "function_hash": "252630137271518080228355886955870941544"
        },
        "signature_type": "Function",
        "id": "CVE-2025-65897-dec02219",
        "source": "https://github.com/zhaoyachao/zdh_web/commit/b2423378a8bf83f159f19ce4e14eac71c939793a",
        "target": {
            "function": "run",
            "file": "src/main/java/com/zyc/zdh/job/SetUpJob.java"
        }
    }
]