CVE-2025-6466 | ageerle ruoyi-ai 2.0.0 SseServiceImpl.java speechToTextTranscriptionsV2/upload File unrestricted upload

A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is handled as CVE-2025-6466. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2025-6466 | ageerle ruoyi-ai 2.0.0 SseServiceImpl.java speechToTextTranscriptionsV2/upload File unrestricted upload

Post correlati

CVE-2024-6437 | Arista EOS up to 4.32.1F Policy-based Routing denial of service

CVE-2024-32977 | OctoPrint up to 1.10.0 authentication spoofing (GHSA-2vjq-hg5w-5gm7)

CVE-2024-10683 | Contact Form 7 Plugin up to 2.3.1 on WordPress cross site scripting

CVE-2024-24050 | SourceCodester Workout Journal App 1.0 /add-user.php firstname/lastname cross site scripting