CVE-2025-4893

Name of the Vulnerable Software and Affected Versions: CoinExchange CryptoExchange Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa

Description: A critical vulnerability has been found in CoinExchange CryptoExchange Java, affecting the uploadLocalImage function of the File Upload Endpoint. The manipulation of the filename argument leads to path traversal, allowing remote attacks. The exploit has been publicly disclosed.

Recommendations: As a temporary workaround, consider disabling the uploadLocalImage function until a fix is available. Restrict access to the File Upload Endpoint to minimize the risk of exploitation. Avoid using the filename argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.