PT-2025-31467 · Unknown · Openviglet Shio
1098024193 · Published 2025-07-31 · Updated 2025-07-31
CVE-2025-8344
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
openviglet shio versions up to 0.3.8
Description
A critical vulnerability has been identified in openviglet shio up to version 0.3.8. The shStaticFileUpload function within the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java is affected. Manipulation of the filename argument leads to unrestricted file upload, and the attack can be launched remotely. The exploit for this issue has been publicly disclosed.
Recommendations
For versions up to 0.3.8, restrict or disable the shStaticFileUpload function to prevent unrestricted file uploads.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Affected Products
Openviglet Shio