PT-2025-19335 · Unknown · Zhangyanbo2007 Youkefu
Serein123Y
·
Published
2025-05-05
·
Updated
2025-10-10
·
CVE-2025-4260
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
zhangyanbo2007 youkefu version 4.2.0 and earlier
Description
A vulnerability was found in the function
impsave of the file mwebhandleradminsystemTemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Recommendations
For zhangyanbo2007 youkefu version 4.2.0 and earlier, consider disabling the
impsave function in the TemplateController.java file until a patch is available. Restrict access to the dataFile argument to minimize the risk of exploitation.Exploit
Fix
Deserialization of Untrusted Data
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zhangyanbo2007 Youkefu