CVE-2025-7488

Name of the Vulnerable Software and Affected Versions: JoeyBling SpringBoot MyBatisPlus versions up to a6a825513bd688f717dbae3a196bc9c9622fea26

Description: A critical vulnerability exists in the Download function of the /file/download endpoint. Manipulation of the Name argument allows for path traversal. This issue can be exploited remotely, and the exploit has been publicly disclosed. Continuous delivery with rolling releases is used, and no specific version details for affected or updated releases are available.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /file/download endpoint. Sanitize the Name argument to prevent path traversal attempts.