CVE-2025-4868

Name of the Vulnerable Software and Affected Versions merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd

Description A critical issue affects some unknown functionality of the file "/api/v1/admin/" of the component File Upload Endpoint. The manipulation of the filename argument leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product utilizes continuous delivery with rolling releases, so no version details of affected or updated releases are available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.