PT-2025-16217 · Veal98 · Veal98
Caigo
Published: 2025-04-14 · Updated: 2025-04-19
CVE-2025-3566
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Veal98 (小牛肉) Echo open-source community system, version 4.2
Description:
A critical issue has been found in the function uploadMdPic of the file /discuss/uploadMdPic. Manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely.
Recommendations:
For version 4.2, as a temporary workaround, consider disabling the uploadMdPic function until a patch is available. Restrict access to the /discuss/uploadMdPic endpoint to minimize the risk of exploitation. Avoid using the editormd-image-file argument in the affected endpoint until the issue is resolved.
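As an added illustration (not code from the Echo project or from this advisory), the following validator shows the kind of server-side allow-list check that closes an unrestricted-upload hole for a file received in a multipart field such as editormd-image-file; the accepted types, size limit, marker list and helper names are assumptions.

```python
import os
import secrets

# Added illustration, not the Echo project's own code. Assumed policy for a
# markdown-editor image endpoint like /discuss/uploadMdPic: raster images only,
# the extension must agree with the file's magic bytes, HTML/SVG-like content is
# refused because a browser may run script from it (stored XSS), and the stored
# name is random so the client cannot choose a path or extension.
ALLOWED_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 5 * 1024 * 1024
MARKUP_MARKERS = (b"<script", b"<svg", b"<html")


class UploadRejected(ValueError):
    """Raised when the submitted file fails any check."""


def validate_image_upload(filename: str, data: bytes) -> str:
    """Return a random storage name with a safe extension, or raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized file")
    # Use only the final extension of the bare file name; any directory parts
    # supplied by the client are discarded, so they cannot steer the save path.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_MAGIC:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not any(data.startswith(magic) for magic in ALLOWED_MAGIC[ext]):
        raise UploadRejected("content does not match declared image type")
    if any(marker in data[:4096].lower() for marker in MARKUP_MARKERS):
        raise UploadRejected("markup found in image header")
    return secrets.token_hex(16) + ext


def is_accepted(filename: str, data: bytes) -> bool:
    """Boolean wrapper around validate_image_upload for quick checks."""
    try:
        validate_image_upload(filename, data)
        return True
    except UploadRejected:
        return False


# Constructed sample inputs (not real uploads): a minimal PNG header and an HTML page.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_HTML = b"<html><body>not an image</body></html>"
```

The check complements, rather than replaces, the access restriction recommended above: the endpoint should still require an authenticated session, and stored files are best served with X-Content-Type-Options: nosniff from a location that the application server does not execute.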
Unrestricted File Upload
XSS
Improper Access Control
Affected Products: Veal98