CVE-2025-6466
BaseFortify
Publication date: 2025-06-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ageerle | ruoyi-ai | up to 2.0.1 (excluding 2.0.1) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file upload flaw in the ageerle ruoyi-ai 2.0.0 project, specifically in the speechToTextTranscriptionsV2/upload function of SseServiceImpl.java. It allows attackers to upload files without restriction, including malicious files, to any location on the server by exploiting the lack of validation on the uploaded file's name and path. This can be done remotely via the API endpoint handling audio file uploads. The vulnerability enables attackers to perform directory traversal attacks and upload harmful files such as web shells, which can lead to remote code execution or overwriting critical server files. [1, 2]
How can this vulnerability impact me?
Exploiting this vulnerability can allow an attacker to upload malicious files anywhere on the server, including executable web shells. This can lead to arbitrary code execution, allowing the attacker to run commands on the server, compromise server integrity, overwrite important files, and potentially take full control of the affected system. Such impacts can severely compromise the security and availability of the server and its hosted applications. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the /audio endpoint that include file uploads with unusual or malicious filenames, especially those containing directory traversal patterns like '../../'. For example, you can use network traffic inspection tools or web server logs to identify such requests. A simple command to search web server logs for suspicious uploads might be: `grep -E 'POST /audio' /var/log/nginx/access.log | grep '\.\./'` to find attempts to upload files with directory traversal sequences. Additionally, scanning for unexpected files such as web shells (e.g., shell.jsp) in server directories can help detect exploitation. Using intrusion detection systems (IDS) with rules to detect arbitrary file upload attempts targeting this endpoint is also recommended. [2]
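The grep above only catches traversal sequences that appear in the request line, so it works when the filename is passed as a query or path parameter and the proxy logs it unencoded; a filename carried in a multipart body is not in a standard access log, and percent-encoded variants (`%2e%2e%2f`) slip past a literal `../` match. The following scanner, an added example rather than anything from BaseFortify or the ruoyi-ai project, reads combined-format access-log lines, decodes the request target (twice, to catch double encoding) and reports POST requests to `/audio` whose decoded target contains a traversal sequence. The log lines are constructed sample data, and the `/audio` endpoint name is taken from the text above.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (nginx/Apache combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Jun/2025:10:01:12 +0000] "POST /audio?name=voice.mp3 HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.9 - - [22/Jun/2025:10:02:40 +0000] "POST /audio?name=../../shell.jsp HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.9 - - [22/Jun/2025:10:03:01 +0000] "POST /audio?name=%2e%2e%2f%2e%2e%2fnotes.txt HTTP/1.1" 200 88 "-" "python-requests/2.31"
10.0.0.7 - - [22/Jun/2025:10:04:15 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# "../" or "..\" anywhere in the decoded target.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')


def decode_target(target: str, rounds: int = 2) -> str:
    """Percent-decode up to `rounds` times so single- and double-encoded
    dot-dot-slash sequences normalise to the literal form before matching."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_suspicious_uploads(log_text: str, endpoint: str = "/audio") -> list:
    """Return one finding per POST to `endpoint` whose decoded request target
    contains a directory-traversal sequence."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        decoded = decode_target(m["target"])
        if not decoded.startswith(endpoint):
            continue
        if TRAVERSAL_RE.search(decoded):
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "target": m["target"],      # raw form, as logged
                "decoded": decoded,
                "status": int(m["status"]),
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_uploads(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} status={f['status']} {f['target']}")
```

Run against a real log with `find_suspicious_uploads(open("/var/log/nginx/access.log").read())`; a 200 status on a flagged request is the line worth escalating, since it means the server accepted the upload rather than rejecting it. Multipart filenames still need to be checked at the application or WAF layer, where the body is visible.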
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the affected component to version 2.0.1, which includes a patch that enforces strict file extension validation and secure file path generation to prevent arbitrary file uploads and directory traversal. If upgrading is not immediately possible, implement strict validation on uploaded files by restricting allowed file types and sanitizing filenames to prevent directory traversal. Avoid using user-supplied filenames directly for file storage paths. Additionally, monitor and block suspicious upload attempts to the /audio endpoint and consider applying web application firewall (WAF) rules to block malicious payloads. [1, 3]
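The interim mitigation above (allow-list the file type, never let the client's name reach the filesystem) is shown below as an added Python example; it is not the ruoyi-ai 2.0.1 patch, which is Java, and the allow-list of audio extensions and the `uploads_demo` directory are assumptions for illustration. The client-supplied name is used for exactly one thing, deciding whether the final extension is permitted; the stored name is random, and a containment check confirms the resolved path is still inside the upload directory.

```python
import os
import re
import secrets
from pathlib import Path

# Assumed allow-list for an audio-transcription endpoint; adjust to what the
# application actually accepts. Note there is no ".jsp", ".jspx" or ".war" here.
ALLOWED_AUDIO_EXTENSIONS = {".mp3", ".wav", ".m4a", ".ogg", ".flac"}
_SUFFIX_RE = re.compile(r"^\.[a-z0-9]{1,8}$")


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the caller maps it to HTTP 400."""


def validated_extension(client_filename: str) -> str:
    """Return the lower-cased final extension of the client filename if, and only
    if, it is on the allow-list. Only the last suffix counts, so 'voice.mp3.jsp'
    yields '.jsp' and is rejected; directory components are ignored entirely."""
    if "\x00" in client_filename or any(ord(c) < 0x20 for c in client_filename):
        raise UploadRejected("control character in filename")
    # Strip any path component, whether POSIX or Windows style.
    name = os.path.basename(client_filename.replace("\\", "/"))
    ext = Path(name).suffix.lower()
    if not _SUFFIX_RE.match(ext) or ext not in ALLOWED_AUDIO_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    return ext


def safe_upload_path(upload_dir: str, client_filename: str) -> Path:
    """Build the path the file will be written to. The name is generated server
    side; the client name contributes only its validated extension."""
    ext = validated_extension(client_filename)
    base = Path(upload_dir).resolve()
    target = (base / f"{secrets.token_hex(16)}{ext}").resolve()
    # Defence in depth: even with a generated name, assert containment.
    if target.parent != base:
        raise UploadRejected("resolved path escapes upload directory")
    return target


def is_accepted(client_filename: str, upload_dir: str = "uploads_demo") -> bool:
    """Convenience wrapper for callers that only need an accept/reject decision."""
    try:
        safe_upload_path(upload_dir, client_filename)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    for name in ["voice.mp3", "../../shell.jsp", "voice.mp3.jsp", "..\\..\\clip.WAV", "noext"]:
        print(f"{name!r:24} -> {'accepted' if is_accepted(name) else 'rejected'}")
```

Checking the extension is necessary but not sufficient on its own: the upload directory should also be served without script execution (outside the servlet container's webapp root, or with a handler that only streams bytes), so that even a misconfigured allow-list cannot turn an upload into a web shell.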