anonhaven
Ad

CVE-2025-70046

CRITICAL CVSS 3.1: 9.8 EPSS 0.06%
Updated Mar 13, 2026
Miazzy
Parameter Value
CVSS 9.8 (CRITICAL)
Type CWE-829 (Inclusion of Functionality from Untrusted Source)
Vendor Miazzy
Public PoC No

An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-829 Inclusion of Functionality from Untrusted Source

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Miazzy Oa-Font-Service
cpe:2.3:a:miazzy:oa-font-service:master:-:*:*:*:*:*:*

References 3

https://gist.github.com/zcxlighthouse/a29d9de46c4eac2de5c4d5a7b6c6c532
cve@mitre.org
https://github.com/Miazzy
cve@mitre.org
https://github.com/Miazzy/oa-front-service
cve@mitre.org
Share Post Share Share Share