CVE-2025-14522 | baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c upload_json.php imgFile unrestricted upload

A vulnerability classified as critical has been found in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload.

This vulnerability is cataloged as CVE-2025-14522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14522 | baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c upload_json.php imgFile unrestricted upload

Post correlati

CVE-2025-27647 | Vasion Print Virtual Appliance Host improper authentication

CVE-2024-13137 | wangl1989 mysiteforme 1.0 SiteController RestResponse cross site scripting

CVE-2024-10251 | Ivanti Security Controls prior 2024.4.1 default permission

CVE-2024-33975 | Janobe E-Negosyo System 1.0 index.php view cross site scripting