CVE-2025-8764
BaseFortify
Publication date: 2025-08-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linlinjava | litemall | to 1.8.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8764 is a critical vulnerability in linlinjava Litemall up to version 1.8.0, specifically in the /wx/storage/upload endpoint. The vulnerability occurs because the application does not validate file extensions during file uploads, allowing attackers to upload executable files such as .html, .htm, or .pdf. These files are then served back to clients without any sanitization or filtering, enabling stored cross-site scripting (XSS) attacks. This means malicious scripts can be executed in the browsers of users who access the uploaded files. [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary JavaScript execution in the browsers of users who access the uploaded malicious files. The impacts include theft of cookies, session hijacking, account takeover, privilege escalation (especially if administrators are targeted), and can be used as a pivot for further client-side attacks such as phishing. Additionally, it affects the confidentiality, integrity, and availability of the system by allowing attackers to upload and execute malicious files remotely without authentication. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious or unauthorized file uploads to the /wx/storage/upload endpoint, especially files with extensions like .html, .htm, or .pdf that should not be allowed. You can use network monitoring tools or web server logs to identify POST requests to /wx/storage/upload with unusual file types. For example, using curl to test the upload endpoint with a malicious file can help verify if the vulnerability exists: curl -X POST -F "[email protected]" https://yourserver/wx/storage/upload. Additionally, scanning your web server logs for POST requests to /wx/storage/upload containing executable file types can help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing strict validation of file extensions and content types on the /wx/storage/upload endpoint to block executable files such as .html, .htm, and .pdf with embedded scripts. Sanitize or filter uploaded files to prevent execution of active content. If possible, disable or restrict file uploads temporarily until a patch or fix is applied. Consider replacing the affected product or applying any available updates. Monitoring and blocking suspicious upload attempts can also reduce risk. [2, 3]