PT-2025-40299 · Unknown · Jeecg-Boot
Arron-Bit · Published 2025-10-01 · Updated 2025-10-07 · CVE-2025-61189
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Jeecgboot versions 3.8.2 and earlier
Description
Jeecgboot versions 3.8.2 and earlier are susceptible to a path traversal issue. The /sys/comment/addFile API endpoint allows attackers to upload files with system-whitelisted extensions to the /opt directory, bypassing the intended upload location of /opt/upFiles configured for the web server. The addFile function is involved in this issue.
Recommendations
Update Jeecgboot to a version later than 3.8.2.
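A containment check of the kind that stops an upload from landing outside its configured directory, as an added Java example (not Jeecg-Boot's code or its actual fix). The upload root /opt/upFiles comes from the description above; the class, the method and the sample inputs are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {
    // Upload root from the advisory text; all other names are hypothetical.
    static final Path UPLOAD_ROOT = Paths.get("/opt/upFiles");

    /** Resolve a client-supplied relative path and reject anything outside root. */
    static Path resolveInsideRoot(Path root, String clientPath) throws IOException {
        if (clientPath == null || clientPath.isEmpty() || clientPath.indexOf('\0') >= 0) {
            throw new IOException("empty or malformed upload path");
        }
        Path base = root.toAbsolutePath().normalize();
        // Treat backslashes as separators so they are collapsed on Unix too.
        // An absolute clientPath replaces base in resolve() and fails the check below.
        Path candidate = base.resolve(clientPath.replace('\\', '/')).normalize();
        // Path.startsWith compares whole name elements, unlike String.startsWith,
        // so a sibling such as /opt/upFilesX is not accepted.
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            throw new IOException("path escapes " + base + ": " + clientPath);
        }
        // normalize() is purely lexical: if symlinks can exist under the root,
        // also compare candidate.getParent().toRealPath() against base.toRealPath().
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the advisory.
        String[] samples = {
            "comment/2025/report.png",
            "../report.png",
            "comment/../../report.png",
            "/opt/report.png",
            "..\\report.png",
        };
        for (String s : samples) {
            try {
                System.out.println("accepted " + resolveInsideRoot(UPLOAD_ROOT, s));
            } catch (IOException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```

The check runs after the extension whitelist, not instead of it: the description shows that a whitelisted extension alone does not constrain where the file is written.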
Fix
Affected Products
Jeecg-Boot