PT-2025-19928 · Unknown · Megagao Ssm-Erp+1

Fatd0G +1 · Published 2025-05-06 · Updated 2025-05-06 · CVE-2025-4333

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: feng ha ha/megagao ssm-erp and production ssm version 0.0.1

Description: A critical issue affects the uploadFile function in the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the uploadFile argument allows for unrestricted file upload. This issue can be exploited remotely.

Recommendations: For version 0.0.1, consider disabling the uploadFile function until a patch is available to prevent unrestricted file uploads. Restrict access to the FileServiceImpl.java service to minimize the risk of exploitation. Avoid using the uploadFile argument in the affected service until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Improper Access Control
Unrestricted File Upload

Related Identifiers

CVE-2025-4333

Affected Products

Megagao Ssm-Erp
Production Ssm