PT-2025-25519 · Unknown · Spring-Boot-In-Action

Shenxiusecurity · Published 2025-06-16 · Updated 2025-06-16 · CVE-2025-6108

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa

Description

A critical issue was found in the function watermarkTest of the file /springbt watermark/src/main/java/cn/codesheep/springbt watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely.

Recommendations

As a temporary workaround, consider disabling the watermarkTest function until a fix is available. Restrict access to the File Upload component to minimize the risk of exploitation. Avoid using the filename argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
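Where the client-supplied filename cannot be dropped entirely, it can be validated before it is joined to the storage directory. The following is an added example, not code from the Spring-Boot-In-Action project or from this advisory; the class name `SafeUploadPath`, the method `resolveInside` and the temporary upload directory are assumptions made for illustration, and the sample filenames are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Hypothetical helper (not the project's code): accepts a bare filename only
// and confirms the resolved path stays inside the upload directory.
public class SafeUploadPath {

    static Path resolveInside(Path uploadDir, String clientFilename) {
        if (clientFilename == null || clientFilename.isEmpty()) {
            throw new IllegalArgumentException("empty filename");
        }
        // Reject both separator styles regardless of host OS, NUL bytes,
        // and the special directory names: the client never picks a directory.
        boolean hasSeparator = clientFilename.indexOf('/') >= 0 || clientFilename.indexOf('\\') >= 0;
        boolean hasNul = clientFilename.indexOf('\0') >= 0;
        boolean isDotName = clientFilename.equals(".") || clientFilename.equals("..");
        if (hasSeparator || hasNul || isDotName) {
            throw new IllegalArgumentException("rejected filename");
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(clientFilename).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("rejected filename", e);
        }
        // Defence in depth: whatever the platform's path rules did with the name,
        // the result must be a direct child of the upload directory.
        if (!base.equals(target.getParent())) {
            throw new IllegalArgumentException("rejected filename");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path uploadDir = Files.createTempDirectory("uploads"); // assumed storage location
        // Constructed sample inputs: one ordinary name, the rest traversal-shaped.
        String[] samples = { "cat.png", "../outside.png", "..\\outside.png", "..", "/abs/outside.png" };
        for (String name : samples) {
            try {
                System.out.println(name + " -> " + resolveInside(uploadDir, name));
            } catch (IllegalArgumentException e) {
                System.out.println(name + " -> REJECTED");
            }
        }
    }
}
```

Generating the stored name on the server (for example a random identifier plus an allow-listed extension) removes the dependency on the client's filename altogether, which matches the recommendation above.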

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-6108

Affected Products

Spring-Boot-In-Action