Vulnerability Details CVE-2025-63739
An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.9%
CVSS Severity
CVSS v3 Score 4.3
References