PT-2025-10904 · Unknown · Aitangbao Springboot-Manager

Uglory · Published 2025-03-11 · Updated 2025-03-12 · CVE-2025-2208

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: aitangbao springboot-manager version 3.0
Description: A problematic issue has been found in the Filename Handler component, affecting the processing of the file /sysFiles/upload. The manipulation of the name argument leads to cross-site scripting. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.
Recommendations: For aitangbao springboot-manager version 3.0, as a temporary workaround, consider restricting access to the /sysFiles/upload file and the Filename Handler component to minimize the risk of exploitation. Avoid using the name argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · XSS · Code Injection


Weakness Enumeration

Related Identifiers: CVE-2025-2208

Affected Products: Aitangbao Springboot-Manager