CVE-2025-4768

Name of the Vulnerable Software and Affected Versions: feng ha ha/megagao ssm-erp version 1.0 production ssm version 1.0

Description: A critical vulnerability has been found in the affected software, affecting the uploadPicture function of the PictureServiceImpl.java file. The manipulation of the File argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Recommendations: For feng ha ha/megagao ssm-erp version 1.0, consider disabling the uploadPicture function until a patch is available. For production ssm version 1.0, restrict access to the PictureServiceImpl.java file to minimize the risk of exploitation. As a temporary workaround, avoid using the File argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.