openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload_CVE-2025-8344

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8344

Source VulDB

Published Jul 31, 2025 at 01:32

Modified Jul 31, 2025 at 14:33

Affected Product

Vendor openviglet

Product shio

Version 0.3.0

Affected Versions openviglet shio 0.3.0
openviglet shio 0.3.1
openviglet shio 0.3.2
openviglet shio 0.3.3
openviglet shio 0.3.4
openviglet shio 0.3.5
openviglet shio 0.3.6
openviglet shio 0.3.7
openviglet shio 0.3.8

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-07-31T01:32:05.152Z",
    "modified": "2025-07-31T14:33:44.225Z",
    "type": "cve",
    "title": "openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.318294\nhttps://vuldb.com/?ctiid.318294\nhttps://vuldb.com/?submit.617680\nhttps://github.com/openviglet/shio/issues/1029\nhttps://github.com/openviglet/shio/issues/1029#issue-3239422554",
    "id": "CVE-2025-8344",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "openviglet shio 0.3.0\nopenviglet shio 0.3.1\nopenviglet shio 0.3.2\nopenviglet shio 0.3.3\nopenviglet shio 0.3.4\nopenviglet shio 0.3.5\nopenviglet shio 0.3.6\nopenviglet shio 0.3.7\nopenviglet shio 0.3.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "shio",
    "version": "0.3.0",
    "vendor": "openviglet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}