CVE-2025-5380

Name of the Vulnerable Software and Affected Versions ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb

Description A critical issue has been found in the Image File Upload component of the system, affecting some unknown processing of the file /upload/. The manipulation of the File argument leads to path traversal. The attack may be initiated remotely.

Recommendations As a temporary workaround, consider disabling the Image File Upload component until a patch is available. Restrict access to the /upload/ directory to minimize the risk of exploitation. Avoid using the File argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.