CVE-2025-61188
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-07
Assigner: MITRE
Description
Description
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeecg | jeecg_boot | to 3.8.2 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-24 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in Jeecgboot versions 3.8.2 and earlier. It allows attackers to upload files with system-whitelisted extensions to the system directory /opt, bypassing the intended restriction to the /opt/upFiles directory specified by the web server.
How can this vulnerability impact me? :
The vulnerability can allow attackers to place files in sensitive system directories, potentially leading to unauthorized file uploads, system compromise, or execution of malicious files, which can affect the integrity and security of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70