CVE-2025-2219

Name of the Vulnerable Software and Affected Versions: LoveCards LoveCardsV2 versions 2.3.0 through 2.3.2

Description: A critical issue affects the processing of the file /api/upload/image. The manipulation of the file argument leads to unrestricted upload. The attack may be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations: For LoveCards LoveCardsV2 versions 2.3.0 through 2.3.2, consider disabling the /api/upload/image endpoint until a patch is available to prevent unrestricted file uploads. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the file argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.