CVE-2025-56815
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-24

Last updated on: 2025-10-10

Assigner: MITRE

Description
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-24
Last Modified
2025-10-10
Generated
2026-06-16
AI Q&A
2025-09-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-56815
EUVD
EUVD-2025-31013
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
running-elephant datart 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Directory Traversal issue in Datart 1.0.0-rc.3 affecting the POST /viz/image interface. The server uses MultipartFile.transferTo() to save uploaded files to a location that the user can control through the file name. Because the server does not strictly verify the file name, an attacker can manipulate the file path to access or overwrite files outside the intended directory.

Impact Analysis

This vulnerability can allow an attacker to write files to arbitrary locations on the server, potentially overwriting critical files or placing malicious files. This can lead to unauthorized access, data corruption, or remote code execution depending on the server configuration and file permissions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart