CVE-2025-4305

Name of the Vulnerable Software and Affected Versions kefaming mayi versions 1.3.9 and earlier

Description A critical vulnerability has been found in kefaming mayi, affecting the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions 1.3.9 and earlier, consider disabling the Upload function in the file app/tools/controller/File.php until a patch is available. Restrict access to the File argument to minimize the risk of exploitation. Avoid using the File argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.