PT-2025-33303 · Linlinjava · Litemall

Zast.Ai · Published 2025-08-14 · Updated 2025-08-14 · CVE-2025-8965

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: linlinjava litemall versions up to 1.8.0
Description: A vulnerability exists in linlinjava litemall up to version 1.8.0, specifically within the create function located in the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the Endpoint component. The vulnerability is due to unrestricted upload caused by manipulation of the File argument. This issue can be exploited remotely. The exploit has been publicly disclosed.
Recommendations: linlinjava litemall versions prior to 1.8.0 are recommended. As a temporary workaround, consider restricting file upload permissions.

Weakness Enumeration: Improper Access Control, Unrestricted File Upload
Related Identifiers: CVE-2025-8965
Affected Products: Litemall