Exrick xboot UploadController.java upload unrestricted upload_CVE-2025-8526

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8526

Source VulDB

Published Aug 4, 2025 at 21:02

Modified Aug 5, 2025 at 15:43

Affected Product

Vendor Exrick

Product xboot

Version 3.3.0

Affected Versions Exrick xboot 3.3.0
Exrick xboot 3.3.1
Exrick xboot 3.3.2
Exrick xboot 3.3.3
Exrick xboot 3.3.4

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-08-04T21:02:05.466Z",
    "modified": "2025-08-05T15:43:54.503Z",
    "type": "cve",
    "title": "Exrick xboot UploadController.java upload unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.318652\nhttps://vuldb.com/?ctiid.318652\nhttps://vuldb.com/?submit.622173\nhttps://github.com/Exrick/xboot/issues/71\nhttps://github.com/Exrick/xboot/issues/71#issue-3252446955",
    "id": "CVE-2025-8526",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Exrick xboot 3.3.0\nExrick xboot 3.3.1\nExrick xboot 3.3.2\nExrick xboot 3.3.3\nExrick xboot 3.3.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "xboot",
    "version": "3.3.0",
    "vendor": "Exrick",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}