diyhi bbs File Compression FilePackageManageAction.java information disclosure_CVE-2025-9461

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-9461

Source VulDB

Published Aug 26, 2025 at 03:02

Affected Product

Vendor diyhi

Product bbs

Version 6.0

Affected Versions diyhi bbs 6.0
diyhi bbs 6.1
diyhi bbs 6.2
diyhi bbs 6.3
diyhi bbs 6.4
diyhi bbs 6.5
diyhi bbs 6.6
diyhi bbs 6.7
diyhi bbs 6.8

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.",
    "published": "2025-08-26T03:02:08.509Z",
    "modified": "2025-08-26T03:02:08.509Z",
    "type": "cve",
    "title": "diyhi bbs File Compression FilePackageManageAction.java information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321296\nhttps://vuldb.com/?ctiid.321296\nhttps://vuldb.com/?submit.634295\nhttps://github.com/August829/Yu/blob/main/58ead8e7e08bfb0e1.md",
    "id": "CVE-2025-9461",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "diyhi bbs 6.0\ndiyhi bbs 6.1\ndiyhi bbs 6.2\ndiyhi bbs 6.3\ndiyhi bbs 6.4\ndiyhi bbs 6.5\ndiyhi bbs 6.6\ndiyhi bbs 6.7\ndiyhi bbs 6.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "bbs",
    "version": "6.0",
    "vendor": "diyhi",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}