CVE-2025-5171

Name of the Vulnerable Software and Affected Versions llisoft MTA Maita Training System version 4.5

Description A critical issue has been found in the this.fileService.download function of the file comllisoftcontrollerOpenController.java. The manipulation of the url argument leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond.

Recommendations For llisoft MTA Maita Training System version 4.5, consider disabling the this.fileService.download function until a patch is available to prevent unrestricted upload. Restrict access to the comllisoftcontrollerOpenController.java file to minimize the risk of exploitation. Avoid using the url argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.