CVE-2025-7487
BaseFortify
Publication date: 2025-07-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joeybling | springboot_mybatisplus | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7487 is a critical vulnerability in JoeyBling SpringBoot_MyBatisPlus affecting the /file/upload endpoint in the SysFileController. It allows an attacker to upload files without any restriction or filtering on the 'portraitFile' argument. This unrestricted file upload can be exploited remotely to upload malicious files, including a specially crafted FreeMarker template that enables execution of arbitrary system commands on the server. The vulnerability arises because the upload function does not enforce access control or file validation, allowing attackers to place files in sensitive locations and execute commands, compromising the system's confidentiality, integrity, and availability. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized remote code execution on the affected server. An attacker can upload malicious files that execute system commands, potentially gaining full control over the server. This compromises the confidentiality, integrity, and availability of the system and its data. The attacker can execute arbitrary commands, access sensitive information, disrupt services, or use the compromised server as a foothold for further attacks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the /file/upload endpoint allows unrestricted file uploads, especially files with paths that traverse directories (e.g., using ../../). You can test this by attempting to upload a file named like /../../../../WEB-INF/templates/error.ftl containing FreeMarker code that executes a command such as 'whoami'. A sample test command using curl would be: curl -X POST http://<target>/file/upload -F "[email protected];filename=/../../../../WEB-INF/templates/error.ftl" where error.ftl contains: <#assign cmd = "whoami"> <#assign className = "freemarker.template.utility.Execute"?new()> ${className(cmd)} If the upload succeeds and accessing a non-existent path triggers execution and displays the command output, the vulnerability is present. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the /file/upload endpoint to prevent unrestricted file uploads, especially disallowing directory traversal in file paths. Since no known mitigations or patches are available, it is recommended to replace the affected product with an alternative that does not have this vulnerability. Additionally, monitor and restrict access to the FreeMarker templates directory and implement strict input validation and access controls on file uploads to prevent malicious files from being uploaded and executed. [1, 2]