CVE-2025-8343

Name of the Vulnerable Software and Affected Versions openviglet shio versions through 0.3.8

Description A critical vulnerability exists in openviglet shio up to version 0.3.8. This issue affects the shStaticFilePreUpload function located in the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. Manipulation of the fileName argument leads to a path traversal vulnerability, allowing for remote attacks. The exploit for this issue has been publicly disclosed.

Recommendations Versions prior to 0.3.9 are affected. As a temporary workaround, consider restricting access to the shStaticFilePreUpload function until a patch is available.