CVE-2025-4533

Sažetak

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/jeecgboot/JeecgBoot/issues/8199
https://github.com/jeecgboot/JeecgBoot/issues/8199#issue-3022937633
https://github.com/jeecgboot/JeecgBoot/issues/8199#issuecomment-2834691016
https://vuldb.com/?ctiid.308278
https://vuldb.com/?id.308278
https://vuldb.com/?submit.566192

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:N/A:P

Zadnje važnije ažuriranje

11-05-2025 - 07:15

Objavljeno

11-05-2025 - 07:15