Vulnerability Details CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.6%
CVSS Severity
CVSS v3 Score 7.2
Products affected by CVE-2025-46612
-
cpe:2.3:h:airleader:easy:-
-
cpe:2.3:h:airleader:master_ii+:-
-
cpe:2.3:o:airleader:easy_firmware:*
-
cpe:2.3:o:airleader:master_ii+_firmware:*