PT-2025-31867 · Exrick · Exrick Xboot

Zast.Ai · Published 2025-08-04 · Updated 2025-08-04 · CVE-2025-8526

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Exrick xboot versions up to 3.3.4

Description

A critical issue exists in Exrick xboot that allows for unrestricted file uploads. This is due to the manipulation of the File argument within the Upload function located in the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The attack can be initiated remotely. The exploit has been disclosed to the public.

Recommendations

Versions prior to 3.3.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Access Control

Unrestricted File Upload

Related Identifiers

CVE-2025-8526

Affected Products

Exrick Xboot