CVE-2025-13875 | Yohann0617 oci-helper up to 3.2.4 OCI Configuration Upload OciServiceImpl.java addCfg File path traversal

A vulnerability was found in Yohann0617 oci-helper up to 3.2.4 and classified as critical. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path traversal.

This vulnerability is registered as CVE-2025-13875. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13875 | Yohann0617 oci-helper up to 3.2.4 OCI Configuration Upload OciServiceImpl.java addCfg File path traversal

Post correlati

CVE-2023-6165 | Restrict Usernames Emails Characters Plugin up to 3.1.3 on WordPress Setting cross site scripting

CVE-2024-9005 | Schneider Electric EcoStruxure Power Monitoring Expert up to 2022 deserialization (SEVD-2024-282-05)

CVE-2024-57950 | Linux Kernel up to 6.12.11 AMD Display divide by zero

CVE-2024-40843 | Apple macOS up to 14.7 access control