CVE-2025-7864 | thinkgem JeeSite up to 5.12.0 FileUploadController.java upload unrestricted upload (Issue 31)

Inserito da Angelo Barbosa | Lug 19, 2025 | CVE

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2025-7864. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-7864 | thinkgem JeeSite up to 5.12.0 FileUploadController.java upload unrestricted upload (Issue 31)

Post correlati

CVE-2022-50115 | Linux Kernel up to 5.18.17/5.19.1 ASoC ipc_control_data memory corruption

CVE-2024-57985 | Linux Kernel up to 6.12.12/6.13.1 __scm_smc_call __scm null pointer dereference

CVE-2024-5020 | Gallery Plugin on WordPress FancyBox JavaScript Library cross site scripting

CVE-2023-28865 | Diebold Nixdorf Vynamic Security Suite up to 3.3.0 SR14/4.0.0 SR04/4.1.0 SR02/4.2.0 SR01 Pre-Boot Authorization improper authorization