CVE-2025-34336
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-19

Last updated on: 2025-11-19

Assigner: VulnCheck

Description
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requests without authentication, pass the uploaded content to a shared upload helper, and store the file on the server under a framework-controlled path. The framework then returns a download URL that can be used to retrieve the uploaded content, including an attacker-controlled Content-Type within the limits of the image upload functionality. While a filename extension whitelist is enforced, the attacker fully controls the file contents. The response MIME type used is also attacker-controlled when the file is served up to version < 4.1.2. Since version 4.1.2, it is possible to download any image uploaded with any whitelisted content type. But any file uploaded other than an image will be served with the `application/octet-stream` content type (the content type is no longer controlled by the attacker since version 4.1.2). This enables an unauthenticated attacker to use any affected application as a persistent file hosting service for arbitrary content under the application's origin. KISA/KrCERT has identified this unpatched vulnerability as "KVE-2023-5280."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-19
Last Modified
2025-11-19
Generated
2026-06-16
AI Q&A
2025-11-19
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34336
EUVD
EUVD-2025-198197
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
egovframework egovframe-common-components 4.3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in eGovFramework/egovframe-common-components versions up to 4.3.1 and allows unauthenticated attackers to upload files via specific image upload endpoints (/utl/wed/insertImage.do and /utl/wed/insertImageCk.do). The uploaded files are stored on the server and can be accessed via a download URL. Although there is a filename extension whitelist, attackers control the file contents and, in versions before 4.1.2, the MIME type of the served file is also attacker-controlled. Since version 4.1.2, non-image files are served with a fixed content type, but attackers can still use the application as a persistent file hosting service for arbitrary content without authentication.

Impact Analysis

This vulnerability can allow an unauthenticated attacker to upload arbitrary files to the server and host them persistently under the application's origin. This can lead to misuse of the application as a file hosting service, potentially enabling distribution of malicious content, unauthorized data storage, or other malicious activities without requiring authentication.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34336. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart