CVE-2025-11320

Name of the Vulnerable Software and Affected Versions zhuimengshaonian wisdom-education versions prior to 1.0.5

Description A security issue exists in zhuimengshaonian wisdom-education. The uploadFile function within the file src/main/java/com/education/core/controller/UploadController.java is susceptible to unrestricted file upload. Manipulation of the File argument can lead to remote exploitation. The exploit has been publicly disclosed.

Recommendations Update zhuimengshaonian wisdom-education to version 1.0.5 or later. As a temporary workaround, restrict access to the uploadFile function until a patch is available.