CVE-2025-7450 | letseeqiji gorobbs up to 1.0.8 API user.go ResetUserAvatar filename path traversal (Issue 18)

Inserito da Angelo Barbosa | Lug 11, 2025 | CVE

A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-7450. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-7450 | letseeqiji gorobbs up to 1.0.8 API user.go ResetUserAvatar filename path traversal (Issue 18)

Post correlati

CVE-2024-40602 | Tempo Skin up to 1.42.1 on MediaWiki Sidebar Menu cross site scripting

CVE-2024-30676 | ROS2 Iron Irwini denial of service

CVE-2024-7979 | Google Chrome up to 127.0.6533.99 Installer out-of-bounds

CVE-2024-36674 | LyLme_spage 1.9.5 admin/link.php cross site scripting (Issue 91)