CVE-2025-7864

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.

CVSS

No CVSS.

References

Link	Resource
https://github.com/thinkgem/jeesite5/commit/3585737d21fe490ff6948d913fcbd8d99c41fc08
https://github.com/thinkgem/jeesite5/issues/31
https://github.com/thinkgem/jeesite5/issues/31
https://github.com/thinkgem/jeesite5/issues/31#issuecomment-3051363397
https://vuldb.com/?ctiid.316977
https://vuldb.com/?id.316977
https://vuldb.com/?submit.618189

Configurations

No configuration.

History

21 Jul 2025, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CWE	CWE-284 CWE-434

20 Jul 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-20 03:15

Updated : 2025-07-21 19:15

NVD link : CVE-2025-7864

Mitre link : CVE-2025-7864

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-7864

Attach tags to `CVE-2025-7864`