CVE-2025-27980: cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.

Description

cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=.

Classification

CVE ID: CVE-2025-27980

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-04-21 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27980
https://blog.csdn.net/qq_52469895/article/details/145496958?sharetype=blogdetail&sharerId=145496958&sharerefer=PC&sharesource=qq_52469895&spm=1011.2480.3001.8118

Timeline