CVE-2025-66908
BaseFortify
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| turms-im | turms | 0.10.0-snapshot |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Turms AI-Serving module (v0.10.0-SNAPSHOT and earlier) where the OCR image upload functionality improperly validates file types. Although the system attempts to restrict uploads to image files using the @FormData(contentType = MediaTypeConst.IMAGE) annotation, it only checks client-provided Content-Type headers and file extensions without verifying the actual file content via magic bytes (file signatures). This flaw allows an attacker to upload arbitrary file types such as executables, scripts, HTML, or web shells by spoofing the Content-Type header or using an image file extension, bypassing the intended restrictions. [3]
How can this vulnerability impact me?
The vulnerability can lead to serious security impacts including potential server-side code execution, stored cross-site scripting (XSS), or information disclosure. Since attackers can upload malicious files disguised as images, they may execute unauthorized code on the server or deliver malicious scripts to users, compromising system integrity and confidentiality. [3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should implement proper server-side validation of uploaded files by verifying the actual file content using magic bytes (file signatures) instead of relying solely on client-provided Content-Type headers and file extensions. Additionally, restrict or sanitize uploads to prevent arbitrary file types, and consider applying patches or updates if available for the Turms AI-Serving module. [2]
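The magic-byte check described above, as an added illustration rather than code from the Turms project: the validator accepts an upload only when the file extension, the client-supplied Content-Type and the sniffed file signature all agree, so an HTML document renamed to `.png` is rejected even with a spoofed header. The function, class and sample names are my own, and the sample inputs are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# MIME type -> alternative signatures; each signature is a list of (offset, bytes)
# pairs that must all match. Covers formats an OCR endpoint would plausibly accept.
IMAGE_SIGNATURES = {
    "image/png":  [[(0, b"\x89PNG\r\n\x1a\n")]],
    "image/jpeg": [[(0, b"\xff\xd8\xff")]],
    "image/gif":  [[(0, b"GIF87a")], [(0, b"GIF89a")]],
    "image/webp": [[(0, b"RIFF"), (8, b"WEBP")]],
}
EXTENSION_TO_MIME = {"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
                     "gif": "image/gif", "webp": "image/webp"}

def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unrecognised."""
    for mime, alternatives in IMAGE_SIGNATURES.items():
        for signature in alternatives:
            if all(data[off:off + len(magic)] == magic for off, magic in signature):
                return mime
    return None

@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    sniffed_type: Optional[str]

def validate_image_upload(filename: str, declared_type: str, data: bytes) -> UploadDecision:
    """Accept only when extension, declared Content-Type and real content agree."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXTENSION_TO_MIME.get(ext)
    if expected is None:
        return UploadDecision(False, f"extension {ext!r} is not an allowed image type", None)
    # Strip parameters such as '; charset=utf-8' before comparing the media type.
    declared = declared_type.split(";", 1)[0].strip().lower()
    if declared != expected:
        return UploadDecision(False, f"Content-Type {declared!r} does not match extension", None)
    sniffed = sniff_image_type(data)  # the content check the vulnerable code skipped
    if sniffed is None:
        return UploadDecision(False, "content has no recognised image signature", None)
    if sniffed != expected:
        return UploadDecision(False, f"content is {sniffed} but was declared {expected}", sniffed)
    return UploadDecision(True, "ok", sniffed)

# Constructed samples (not captured traffic): a genuine PNG header, and an HTML
# document submitted under an image file name and Content-Type.
GENUINE_PNG = b"\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" + bytes(17)
SPOOFED_HTML = b"<html><body>not an image</body></html>"
```

`validate_image_upload("scan.png", "image/png", SPOOFED_HTML)` is rejected with "content has no recognised image signature", while the same call with `GENUINE_PNG` is accepted; a PNG body declared as `scan.jpg`/`image/jpeg` is also rejected because the sniffed type disagrees with the declared one.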