CVE-2025-56815

High CVSS: 7.1

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name.

Vendor

Running-elephant

Product

Datart

CWE

CWE-22

Yayın Tarihi

2025-09-24 17:15:41

Güncelleme

2025-10-10 21:07:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-22 Datart HIGH Running-elephant 2025

Referanslar

https://github.com/running-elephant/datart/tags https://github.com/xiaoxiaoranxxx/CVE-2025-56815

Benzer Kayıtlar

High

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuratio…

Medium

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via…

High

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attack…

Critical

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.