关键漏洞信息 Vulnerability ID: CVE-2025-13249, VDB-332583, GCVE-100-332583 Product: Jiusi OA Affected Version: up to 20251102 Component: OfficeServer Interface CVE Entry: CVE-2025-13249 Vulnerability Type: Unrestricted File Upload Attack Vector: Remote Attack Exploit Status: Public Exploit Available, Proof of Concept GitHub Advisory: Available CWE Classification: CWE-434 (Unrestricted Upload of File with Dangerous Type) Attack Technique: MITRE ATT&CK T1608.002 Summary Description: Critical vulnerability in Jiusi OA up to 20251102, allowing unrestricted file uploads through file processing in . Impact: Confidentiality, Integrity, and Availability. Details CVE Identification: CVE-2025-13249 Exploitability: Easy, Remote Initiation Possible Countermeasures: No explicit countermeasures mentioned; consider replacing affected components.