CVE-2025-3807

Name of the Vulnerable Software and Affected Versions zhenfeng13 My-BBS version 1.0

Description A critical vulnerability was found in the Upload function of the file src/main/java/com/my/bbs/controller/common/UploadController.java, affecting the Endpoint component. This leads to unrestricted upload and can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For zhenfeng13 My-BBS version 1.0, as a temporary workaround, consider disabling the Upload function in the src/main/java/com/my/bbs/controller/common/UploadController.java file until a patch is available. Restrict access to the vulnerable Endpoint component to minimize the risk of exploitation. Avoid using the Upload function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.