CVE-2025-8526

Medium CVSS: 5.3

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Vendor

Exrick

Product

Xboot

CWE

CWE-284

Yayın Tarihi

2025-08-04 21:15:31

Güncelleme

2025-08-28 12:15:36

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-284 Xboot MEDIUM Exrick 2025

Referanslar

https://github.com/Exrick/xboot/issues/71 https://github.com/Exrick/xboot/issues/71#issue-3252446955 https://vuldb.com/?ctiid.318652 https://vuldb.com/?id.318652 https://vuldb.com/?submit.622173 https://github.com/Exrick/xboot/issues/71 https://github.com/Exrick/xboot/issues/71#issue-3252446955

Benzer Kayıtlar

High

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users'…

Medium

CVE-2025-65540

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data.…

Medium

CVE-2025-8527

A vulnerability was found in Exrick xboot up to 3.3.4. It has been rated as critical. This issue affects some unknown pr…

Medium

CVE-2025-8528

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of…

Medium

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown pa…

Critical

CVE-2025-45612

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.