CVE-2025-4175

Name of the Vulnerable Software and Affected Versions AlanBinu007 Spring-Boot-Advanced-Projects versions up to 3.1.3

Description A critical vulnerability was found in AlanBinu007 Spring-Boot-Advanced-Projects, affecting the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.java of the component Upload Profile API Endpoint. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For versions up to 3.1.3, as a temporary workaround, consider disabling the uploadUserProfileImage function until a patch is available. Restrict access to the Upload Profile API Endpoint to minimize the risk of exploitation. Avoid using the File argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.