CVE-2025-7864
BaseFortify
Publication date: 2025-07-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeesite | jeesite | to 5.12.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7864 is a critical vulnerability in thinkgem JeeSite (up to version 5.12.0) involving an unrestricted file upload flaw in the FileUploadController.java component. Specifically, the upload endpoint allows users to upload PDF files without proper sanitization, enabling attackers to embed malicious JavaScript payloads inside these files. When such a PDF is accessed with a preview parameter, the system serves the file inline, causing the malicious script to execute in the victim's browser. This Stored Cross-Site Scripting (XSS) vulnerability can be exploited remotely and allows attackers to execute arbitrary scripts within the context of the affected application. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in the context of your web application. This can lead to phishing attacks, credential theft, session hijacking, and other malicious activities that compromise the confidentiality, integrity, and availability of your system. Since the vulnerability allows unrestricted file uploads, attackers can upload malicious files that may be automatically processed or previewed by users, increasing the risk of exploitation and system compromise. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring attempts to access the vulnerable upload endpoint `/js/a/file/upload` and checking for unauthorized or suspicious file uploads, especially PDF files. You can look for HTTP POST requests to this endpoint carrying PDF files. Additionally, inspecting files uploaded to the server for embedded JavaScript payloads can help detect exploitation attempts. Network monitoring tools or web server logs can be used to identify such activity. For example, using command-line tools like curl or wget to test the upload endpoint or grep to search logs for POST requests to `/js/a/file/upload` can be helpful.

Example commands:

1. To check web server logs for upload attempts: `grep '/js/a/file/upload' /var/log/nginx/access.log`
2. To test the upload endpoint with curl (substitute the form field name and a sample file for the placeholders): `curl -X POST -F '<field>=@<sample.pdf>' https://yourserver/js/a/file/upload`
3. To scan uploaded files for embedded scripts, use tools like `pdfid` or `pdf-parser` to analyze PDF files for JavaScript content. [1, 3]
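The two detection checks described in the answer above, log review for POSTs to the upload endpoint and a pdfid-style scan of stored PDFs for script-related name tokens, as an added example. This is not JeeSite's code and not part of the original record: it assumes the Nginx/Apache combined log format, uses the `/js/a/file/upload` path and `source=preview` parameter named on this page, and the log lines, the `/js/a/file/download/...` path in them, and the PDF bytes are all constructed for illustration.

```python
"""Detection helpers for CVE-2025-7864-style upload abuse (added example, not JeeSite code)."""
import re
from urllib.parse import parse_qs, urlsplit

UPLOAD_ENDPOINT = "/js/a/file/upload"  # endpoint named in the CVE record

# Combined log format: ip - user [time] "METHOD path HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Constructed sample log lines; the download path is hypothetical, only the
# upload path and the source=preview parameter come from the CVE record.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jul/2025:10:01:02 +0000] "POST /js/a/file/upload HTTP/1.1" 200 152 "-" "curl/8.0"',
    '203.0.113.7 - - [20/Jul/2025:10:01:09 +0000] "GET /js/a/file/download/abc123?source=preview HTTP/1.1" 200 9012 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [20/Jul/2025:10:02:00 +0000] "GET /js/a/file/upload HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [20/Jul/2025:10:03:00 +0000] "POST /a/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def find_upload_posts(log_lines):
    """Return (ip, time, raw path, status) for every POST to the upload endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = urlsplit(m.group("path")).path  # ignore any query string when matching
        if m.group("method") == "POST" and path == UPLOAD_ENDPOINT:
            hits.append((m.group("ip"), m.group("time"), m.group("path"), int(m.group("status"))))
    return hits


def find_preview_requests(log_lines):
    """Return (ip, path) for GETs that asked for inline rendering via source=preview."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        parts = urlsplit(m.group("path"))
        if parse_qs(parts.query).get("source") == ["preview"]:
            hits.append((m.group("ip"), parts.path))
    return hits


# PDF name tokens that pdfid counts as script / auto-action indicators.
SUSPICIOUS_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _normalize_names(data: bytes) -> bytes:
    # PDF names may hide letters as #xx hex escapes (/J#61vaScript); fold them back.
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def pdf_script_indicators(data: bytes) -> dict:
    """Count suspicious name tokens in raw PDF bytes.

    Like pdfid this reads the raw file and does not decompress object streams,
    so names inside compressed objects are missed; use pdf-parser for those.
    """
    if not data.startswith(b"%PDF"):
        return {"is_pdf": False}
    norm = _normalize_names(data)
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # Require a delimiter after the name so /JS does not match /JSomething.
        pat = re.compile(re.escape(name.encode()) + rb"(?![A-Za-z0-9])")
        counts[name] = len(pat.findall(norm))
    counts["is_pdf"] = True
    counts["suspicious"] = any(counts[n] for n in SUSPICIOUS_NAMES)
    return counts


# Constructed minimal PDF with an OpenAction pointing at a hex-escaped JavaScript action.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (SAMPLE) >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for ip, when, path, status in find_upload_posts(SAMPLE_LOG):
        print(f"upload POST from {ip} at {when}: {path} -> {status}")
    for ip, path in find_preview_requests(SAMPLE_LOG):
        print(f"inline preview requested by {ip}: {path}")
    print(pdf_script_indicators(SAMPLE_PDF))
```

Run it against real access logs by replacing `SAMPLE_LOG` with the file's lines and against stored uploads by passing each file's bytes to `pdf_script_indicators`; a PDF with a non-zero `/JavaScript`, `/JS`, `/OpenAction` or `/AA` count is the one to pull for manual review, and a preview request for such a file from the same client that uploaded it is the sequence the record describes.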
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the official patch identified by commit `3585737d21fe490ff6948d913fcbd8d99c41fc08` which improves XSS filtering and sanitization in the file upload handling and template rendering. If patching is not immediately possible, restrict access to the vulnerable upload endpoint `/js/a/file/upload` by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to block unauthorized uploads. Additionally, disable or restrict the preview functionality that serves uploaded PDF files inline with the `?source=preview` parameter to prevent execution of embedded scripts. Monitoring and removing suspicious uploaded files can also reduce risk until the patch is applied. [2, 4, 3]
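The answer above recommends restricting the preview path that serves uploaded PDFs inline. The following added example (not JeeSite's code, and not the official patch referenced above) shows one way to express that policy as response headers: inline rendering is allowed only for an allowlist of inert image types, everything else, PDF included, is forced to download regardless of `source=preview`, and `nosniff` plus a CSP `sandbox` are added so the browser neither guesses a different type nor runs script if a document type ever slips through. The `response_headers` function, its arguments and the allowlist are assumptions for illustration.

```python
"""Response-header policy for serving user uploads (added example, not JeeSite code)."""
import mimetypes
import re
from urllib.parse import quote

# Types safe to render inline: raster images only. PDF is deliberately absent
# because the browser PDF viewer can execute embedded JavaScript, and SVG is
# absent because it can carry <script>.
INLINE_SAFE_TYPES = frozenset({"image/png", "image/jpeg", "image/gif", "image/webp"})


def _basename(filename: str) -> str:
    return filename.rsplit("/", 1)[-1]


def _ascii_fallback(filename: str) -> str:
    # Conservative ASCII name for the plain filename= parameter (old clients).
    return re.sub(r"[^A-Za-z0-9._-]", "_", _basename(filename)) or "download"


def content_disposition(filename: str, inline: bool) -> str:
    """Build an RFC 6266 Content-Disposition with a UTF-8 filename* parameter."""
    disp = "inline" if inline else "attachment"
    encoded = quote(_basename(filename), safe="")  # RFC 5987 percent-encoding
    return f"{disp}; filename=\"{_ascii_fallback(filename)}\"; filename*=UTF-8''{encoded}"


def response_headers(filename: str, source) -> dict:
    """Headers for a stored upload. `source` is the request's source= query parameter."""
    ctype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
    wants_preview = source == "preview"
    inline = wants_preview and ctype in INLINE_SAFE_TYPES  # preview only for the allowlist
    return {
        "Content-Type": ctype,
        "Content-Disposition": content_disposition(filename, inline),
        # Stop the browser from promoting a download to a renderable type.
        "X-Content-Type-Options": "nosniff",
        # Opaque origin and no script for anything the browser does render.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    for name, src in [("report.pdf", "preview"), ("photo.png", "preview"), ("logo.svg", "preview")]:
        print(name, src, response_headers(name, src)["Content-Disposition"])
```

Serving uploads from a separate origin (a dedicated download hostname) is the complementary control: even if an inline render does happen there, the script runs outside the application's origin and cannot reach its session.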