https://blog.qife122.com/tags/cve-2025-65074/ Recent content in CVE-2025-65074 on 办公AI智能小助手 Hugo zh-cn qife Fri, 09 Jan 2026 20:26:35 +0800 https://blog.qife122.com/p/%E9%AB%98%E5%8D%B1%E6%BC%8F%E6%B4%9E%E9%A2%84%E8%AD%A6cve-2025-65074-wavestore-server%E8%B7%AF%E5%BE%84%E9%81%8D%E5%8E%86%E4%B8%8E%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E9%A3%8E%E9%99%A9%E8%A7%A3%E6%9E%90/ Fri, 09 Jan 2026 20:26:35 +0800 https://blog.qife122.com/p/%E9%AB%98%E5%8D%B1%E6%BC%8F%E6%B4%9E%E9%A2%84%E8%AD%A6cve-2025-65074-wavestore-server%E8%B7%AF%E5%BE%84%E9%81%8D%E5%8E%86%E4%B8%8E%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E9%A3%8E%E9%99%A9%E8%A7%A3%E6%9E%90/ <h3 id="cve-2025-65074-cwe-22-对路径名限制不当导致的目录遍历漏洞影响-wavestore-wavestore-server">CVE-2025-65074: CWE-22 对路径名限制不当导致的目录遍历漏洞，影响 WaveStore WaveStore Server</h3> <p><strong>严重性：高</strong> <strong>类型：漏洞</strong> <strong>CVE 编号：CVE-2025-65074</strong></p> <h4 id="概述">概述</h4> <p>WaveView 客户端允许用户在已连接的 WaveStore Server 上执行一组受限的预定义命令和脚本。拥有高权限的恶意攻击者能够利用 <code>showerr</code> 脚本中的路径遍历漏洞，在服务器上执行任意操作系统命令。</p>