CVE-2025-59118

Опубликовано: 12 нояб. 2025

Источник: nvd

CVSS3: 7.3

EPSS Низкий

Описание

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.03.

Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Ссылки

https://issues.apache.org/jira/browse/OFBIZ-13292
Issue Tracking
https://lists.apache.org/thread/202263kpy7g76pzsy1fm96h9lcmhsqpt
Mailing List
Vendor Advisory
https://ofbiz.apache.org/download.html
Product
https://ofbiz.apache.org/release-notes-24.09.03.html
Release Notes
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/11/11/1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

Версия до 24.09.03 (исключая)

EPSS

Процентиль: 37%

0.00161

Низкий

7.3 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-7fmc-f7mg-gr67