CVE-2025-4893 | jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa File Upload Endpoint UploadFileUtil.java uploadLocalImage filename path traversal

A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework/core/src/main/java/com/bizzan/bitrade/util/UploadFileUtil.java of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal.

This vulnerability is uniquely identified as CVE-2025-4893. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

CVE-2025-4893 | jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa File Upload Endpoint UploadFileUtil.java uploadLocalImage filename path traversal

Post correlati

CVE-2023-47997 | FreeImage 3.18.0 BitmapAccess.cpp FreeImage_AllocateBitmap denial of service

CVE-2024-13892 | Smartwares CIP-37210AT/C724IP up to 3.3.0 command injection

CVE-2023-40010 | realmag777 Husky Plugin up to 1.3.4.2 on WordPress sql injection

CVE-2024-30537 | WPClever WPC Badge Management for WooCommerce Plugin up to 2.4.0 on WordPress authorization