CVE-2025-15448
Unknown Unknown - Not Provided
Unrestricted File Upload in JavaMall MinioController Enables Remote Attack

Publication date: 2026-01-05

Last updated on: 2026-03-08

Assigner: VulDB

Description
A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-03-08
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15448
EUVD
EUVD-2026-0917
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cld378632668 javamall 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in JavaMall's MinioController.java upload function allows unrestricted file uploads due to lack of validation on file suffixes and absence of protections against directory traversal attacks. Attackers can upload files of any type remotely, potentially leading to remote code execution and other severe impacts because the application directly concatenates file names and suffixes without checks. [1, 2]

Impact Analysis

The vulnerability can impact you by allowing attackers to upload malicious files remotely, which may lead to remote code execution (getshell), compromising the confidentiality, integrity, and availability of your system. This could result in unauthorized access, data breaches, or service disruptions. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized file uploads to the affected upload interface in JavaMall, specifically targeting the MinioController.java upload function. Since the vulnerability allows unrestricted file uploads without validation, detection can involve checking for files with suspicious suffixes or unexpected file types being uploaded. Network monitoring tools can be used to inspect HTTP requests to the upload endpoint for anomalous payloads. However, no specific detection commands or signatures are provided in the available resources. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the vulnerable upload functionality if possible, and monitoring for suspicious file uploads. Since no official patches or countermeasures have been published and the vendor has not responded, it is recommended to consider replacing the affected component with an alternative product. Implementing strict validation and filtering on uploaded files, such as checking file suffixes and preventing directory traversal, would be necessary to fully mitigate the risk once a fix is available. [2]

Compliance Impact

The vulnerability allows unrestricted file uploads, potentially leading to remote code execution and unauthorized access or manipulation of data. This can compromise the confidentiality, integrity, and availability of the system, which may result in violations of data protection regulations such as GDPR and HIPAA that require safeguarding personal and sensitive information. However, no specific compliance impact or regulatory assessment is detailed in the provided resources. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart