CVE-2025-8841

Опубликовано: 11 авг. 2025

Источник: nvd

CVSS3: 6.3

CVSS3: 6.1

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/zlt2000/microservices-platform/issues/77
Exploit
Issue Tracking
Vendor Advisory
https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808
Exploit
Issue Tracking
Vendor Advisory
https://vuldb.com/?ctiid.319375
Permissions Required
VDB Entry
https://vuldb.com/?id.319375
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.623100
Third Party Advisory
VDB Entry
https://github.com/zlt2000/microservices-platform/issues/77
Exploit
Issue Tracking
Vendor Advisory
https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zlt2000:microservices-platform:*:*:*:*:*:*:*:*

Версия до 6.0.0 (включая)

EPSS

Процентиль: 11%

0.00037

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

CWE-434

Связанные уязвимости

GHSA-56pj-vpvp-4mhh

CVSS3: 6.3

github

6 месяцев назад

EPSS

Процентиль: 11%

0.00037

Низкий

6.3 Medium

CVSS3

6.1 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

CWE-434