CVE-2025-0702

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d

Description A critical vulnerability was found in JoeyBling bootplus, allowing for unrestricted file upload. The issue is related to the manipulation of the portraitFile argument in the unknown code of the file src/main/java/io/github/controller/SysFileController.java. This can be exploited remotely. The exploit has been publicly disclosed.

Recommendations For JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d, as a temporary workaround, consider restricting access to the portraitFile argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2025-0702

Affected Products

Joeybling Bootplus

CVE-2025-0702

Weakness Enumeration

Related Identifiers

Affected Products

References · 8