yzcheng90 X-SpringBoot ଯେପର୍ଯ୍ୟନ୍ତ 5.0 APK File /sys/oss/upload/apk uploadApk ଫାଇଲ୍ ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame yzcheng90 X-SpringBoot ଯେପର୍ଯ୍ୟନ୍ତ 5.0 keessatti argameera. Miidhamni argame is hojii uploadApk faayilii /sys/oss/upload/apk keessa kutaa APK File Handler keessa. Wanti jijjiirame irratti ଫାଇଲ୍ gara ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-22 si geessa. Odeeffannoon kun yeroo 06/26/2025 maxxanfameera. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2025-6731 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 90 ପଏଣ୍ଟ

ଫିଲ୍ଡସୃଷ୍ଟି ହୋଇଛି
06/26/2025 05:59 PM		ଅଦ୍ୟତନ 1/2
06/27/2025 02:22 AM		ଅଦ୍ୟତନ 2/2
06/30/2025 11:53 PM
software_vendoryzcheng90yzcheng90yzcheng90
software_nameX-SpringBootX-SpringBootX-SpringBoot
software_version<=5.0<=5.0<=5.0
software_componentAPK File HandlerAPK File HandlerAPK File Handler
software_file/sys/oss/upload/apk/sys/oss/upload/apk/sys/oss/upload/apk
software_functionuploadApkuploadApkuploadApk
software_argumentfilefilefile
vulnerability_cweCWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)
vulnerability_risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
advisory_urlhttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.mdhttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.mdhttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md
exploit_availability111
exploit_publicity111
exploit_urlhttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md#steps-to-reproducehttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md#steps-to-reproducehttps://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-03.md#steps-to-reproduce
source_cveCVE-2025-6731CVE-2025-6731CVE-2025-6731
cna_responsibleVulDBVulDBVulDB
response_summaryThe vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.The vendor was contacted early about this disclosure but did not respond in any way.
cvss3_vuldb_tempscore5.75.75.7
cvss3_meta_basescore6.36.36.3
cvss3_meta_tempscore5.75.76.0
cvss4_vuldb_bscore5.35.35.3
cvss4_vuldb_btscore2.12.12.1
advisory_date1750888800 (06/26/2025)1750888800 (06/26/2025)1750888800 (06/26/2025)
price_0day$0-$5k$0-$5k$0-$5k
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss4_vuldb_avNNN
cvss4_vuldb_acLLL
cvss4_vuldb_uiNNN
cvss4_vuldb_vcLLL
cvss4_vuldb_viLLL
cvss4_vuldb_vaLLL
cvss4_vuldb_ePPP
cvss2_vuldb_auSSS
cvss2_vuldb_rlNDNDND
cvss3_vuldb_prLLL
cvss3_vuldb_rlXXX
cvss4_vuldb_atNNN
cvss4_vuldb_prLLL
cvss4_vuldb_scNNN
cvss4_vuldb_siNNN
cvss4_vuldb_saNNN
cvss2_vuldb_basescore6.56.56.5
cvss2_vuldb_tempscore5.65.65.6
cvss3_vuldb_basescore6.36.36.3
euvd_idEUVD-2025-19242EUVD-2025-19242
cve_nvd_summaryA vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryesSe encontró una vulnerabilidad en yzcheng90 X-SpringBoot (hasta la versión 5.0), clasificada como crítica. Este problema afecta a la función uploadApk del archivo /sys/oss/upload/apk del componente APK File Handler. La manipulación del argumento "File" provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore5.3
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cvss3_cna_basescore6.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auS
cvss2_cna_ciP
cvss2_cna_iiP
cvss2_cna_aiP
cvss2_cna_basescore6.5

ପଛକୁସମୀକ୍ଷାଆହୁରି ଦୂରରେ

Do you know our Splunk app?

Download it now for free!