Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SUNNET Technology Co., Ltd.

Source -

CNA

BOS Name -

N/A

CNA CVEs -

9

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
9Vulnerabilities found
CVE-2025-54946
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-30 Aug, 2025 | 03:58
Updated-30 Aug, 2025 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - SQL Injection

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Corporate Training Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-54945
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-30 Aug, 2025 | 03:50
Updated-30 Aug, 2025 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - External Control of File Name or Path

An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Corporate Training Management System
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-54944
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-30 Aug, 2025 | 03:45
Updated-30 Aug, 2025 | 03:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Corporate Training Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-54943
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-30 Aug, 2025 | 03:42
Updated-30 Aug, 2025 | 03:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - Missing Authorization

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Corporate Training Management System
CWE ID-CWE-862
Missing Authorization
CVE-2025-54942
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-30 Aug, 2025 | 03:37
Updated-30 Aug, 2025 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - Missing Authentication for Critical Function

A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Corporate Training Management System
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-31338
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-6.9||MEDIUM
EPSS-0.28% / 50.77%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 02:01
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wisdom Master Pro - Missing Authorization

A missing authorization vulnerability in the retrieve teacher Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to obtain partial user data by accessing the API functionality.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Wisdom Master Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-31339
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.31%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 02:00
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wisdom Master Pro - Unrestricted Upload of File with Dangerous Type

An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Wisdom Master Pro
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-31340
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.9||CRITICAL
EPSS-0.29% / 51.66%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 01:59
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program

A improper control of filename for include/require statement in PHP program vulnerability in the retrieve course Information function of Wisdom Master Pro versions 5.0 through 5.2 allows remote attackers to perform arbitrary system commands by running a malicious file.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Wisdom Master Pro
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-11984
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.4||CRITICAL
EPSS-0.12% / 32.22%
||
7 Day CHG+0.02%
Published-19 Dec, 2024 | 04:01
Updated-20 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file.

Action-Not Available
Vendor-SUNNET Technology Co., Ltd.
Product-Corporate Training Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type