PT-2025-29267 · Letseeqiji · Gorobbs
Tritium · Published 2025-07-11 · Updated 2025-07-11 · CVE-2025-7450
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
letseeqiji gorobbs versions up to 1.0.8
Description:
A critical issue exists in letseeqiji gorobbs. The ResetUserAvatar function within the controller/api/v1/user.go file is susceptible to path traversal due to manipulation of the filename argument. This allows for remote exploitation. The exploit has been publicly disclosed.
Recommendations:
Versions prior to 1.0.9: Address the path traversal issue in the ResetUserAvatar function by sanitizing the filename argument to prevent unauthorized file access.
Exploit · Fix · Path traversal
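One way to apply the recommendation above, shown as an added Go example (it is not gorobbs code and not the project's fix). SafeAvatarPath, ErrUnsafeName and the avatarRoot directory are hypothetical names chosen for illustration; the check accepts only a plain file name and then confirms the joined path stays under the avatar directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// avatarRoot is a hypothetical upload directory, not a path taken from gorobbs.
const avatarRoot = "/srv/app/upload/avatar"

// ErrUnsafeName is returned for any filename that is not a plain file name.
var ErrUnsafeName = errors.New("unsafe avatar filename")

// SafeAvatarPath maps a client-supplied filename to a path under root.
// It does not resolve symlinks; that needs a separate check on the real path.
func SafeAvatarPath(root, name string) (string, error) {
	// Reject empty names, NUL bytes and both separator styles up front.
	if name == "" || strings.ContainsAny(name, "/\\\x00") {
		return "", ErrUnsafeName
	}
	// "." and ".." are directory references, never avatar files.
	if name == "." || name == ".." || filepath.Base(name) != name {
		return "", ErrUnsafeName
	}
	full := filepath.Join(root, name)
	// Defence in depth: the cleaned result must still sit inside root.
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeName
	}
	return full, nil
}

func main() {
	// Constructed sample inputs: one valid name and several that must be refused.
	for _, n := range []string{"u42.png", "../../conf/app.ini", "..", "a/b.png", `..\x.png`} {
		p, err := SafeAvatarPath(avatarRoot, n)
		fmt.Printf("%q -> %q, %v\n", n, p, err)
	}
}
```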
Affected Products
Gorobbs