VDB-312577 · CVE-2025-6108 · EUVD-2025-18362

hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest filename ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ

Rakkoon nageenyaa kan ଜଟିଳ jedhamuun beekamu hansonwang99 Spring-Boot-In-Action ଯେପର୍ଯ୍ୟନ୍ତ 807fd37643aa774b94fd004cc3adbd29ca17e9aa keessatti argameera. Miidhaan irra gahe is hojii watermarkTest faayilii /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java keessa kutaa File Upload keessa. Dhugumatti jijjiirraa irratti raawwatame filename gara ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ geessa. Waliigalteewwan CWE fayyadamuun rakkoo ibsuun gara CWE-22 si geessa. Beekumsi kun yeroo 06/15/2025 ifoomsifameera. Odeeffannoon kun buufachuuf github.com irratti dhiyaateera. Dogoggorri kun maqaa CVE-2025-6108 jedhuun tajaajilama. Weerara fageenya irraa jalqabuun ni danda'ama. Odeeffannoon teeknikaa ni argama. Akka dabalataan, meeshaa balaa kana fayyadamuuf argama. Qorannoo miidhaa (exploit) beeksifamee jira, namoonni itti fayyadamuu danda'u. Yeroo ammaa, gatii exploit might be approx. USD $0-$5k beekamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee murtaa’eera. Exploit kana github.com irraa buufachuu ni dandeessa. Waggaa 0-day ta'ee, gatiin isaa daldala dhoksaa keessatti $0-$5k jedhamee tilmaamame. Meeshaan kun rolling release fayyadamee tamsaasa itti fufinsa qabu ni kenna. Kanaaf, odeeffannoon version miidhamte yookaan kan haaromfame hin jiru. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 91 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 06/15/2025 11:59 AM	ଅଦ୍ୟତନ 1/3 06/16/2025 08:38 AM	ଅଦ୍ୟତନ 2/3 06/16/2025 09:10 AM	ଅଦ୍ୟତନ 3/3 06/16/2025 11:43 AM
software_vendor	hansonwang99	hansonwang99	hansonwang99	hansonwang99
software_name	Spring-Boot-In-Action	Spring-Boot-In-Action	Spring-Boot-In-Action	Spring-Boot-In-Action
software_version	<=807fd37643aa774b94fd004cc3adbd29ca17e9aa	<=807fd37643aa774b94fd004cc3adbd29ca17e9aa	<=807fd37643aa774b94fd004cc3adbd29ca17e9aa	<=807fd37643aa774b94fd004cc3adbd29ca17e9aa
software_rollingrelease	1	1	1	1
software_component	File Upload	File Upload	File Upload	File Upload
software_file	/springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java	/springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java	/springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java	/springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java
software_function	watermarkTest	watermarkTest	watermarkTest	watermarkTest
software_argument	filename	filename	filename	filename
vulnerability_cwe	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md	https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250607-01.md
source_cve	CVE-2025-6108	CVE-2025-6108	CVE-2025-6108	CVE-2025-6108
cna_responsible	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	L	L	L	L
cvss4_vuldb_va	L	L	L	L
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3	6.3
cvss3_meta_tempscore	5.7	6.0	6.0	6.0
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)	1749938400 (06/15/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		L	L	L
cvss4_cna_va		L	L	L
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		L	L	L
cvss3_cna_a		L	L	L
cvss3_cna_basescore		6.3	6.3	6.3
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		P	P	P
cvss2_cna_ai		P	P	P
cvss2_cna_basescore		6.5	6.5	6.5
euvd_id			EUVD-2025-18362	EUVD-2025-18362
cve_nvd_summaryes				Se encontró una vulnerabilidad en hansonwang99 Spring-Boot-In-Action hasta la versión 807fd37643aa774b94fd004cc3adbd29ca17e9aa. Se ha declarado crítica. Esta vulnerabilidad afecta a la función watermarkTest del archivo /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java del componente File Upload. La manipulación del argumento filename provoca un path traversal. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Este producto utiliza el enfoque de lanzamiento continuo para garantizar una entrega continua. Por lo tanto, no se dispone de detalles de las versiones afectadas ni de las actualizaciones. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!