PT-2025-46557 · Apache · Apache Ofbiz

Published: 2025-11-11 · Updated: 2025-12-23 · CVE-2025-59118

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 24.09.03

Description: A critical unrestricted file upload issue exists in Apache OFBiz. It allows remote attackers to upload arbitrary files, potentially including malicious scripts, leading to remote command execution (RCE) on the server. Successful exploitation could result in full system compromise, web shell deployment, or lateral movement within connected networks. Approximately 1.2k to 1.6k services are estimated to be affected worldwide. The issue involves the ability to upload dangerous file types without proper restrictions.

Recommendations: Upgrade to version 24.09.03 to resolve the issue.
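The weakness class behind this record (CWE-434, upload of a file with a dangerous type without proper restrictions) is mitigated by server-side validation that never trusts the client-supplied name or content type. The following is an added illustration of such a validator, written for this page; it is not Apache OFBiz code and does not reflect how the fixed version implements its check. The extension allowlist, size limit, signature table and marker list are constructed assumptions for the example.

```python
"""Defensive upload validation (added example; assumptions noted inline)."""
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed limit for the example; a real deployment sets its own.
MAX_UPLOAD_BYTES = 5 * 1024 * 1024

# Allowlist: final extension -> accepted leading byte signatures (assumed set).
ALLOWED_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
}

# Any of these in an inner name segment is rejected, so a name such as
# "report.jsp.png" is not accepted on servers that honour inner extensions.
EXECUTABLE_MARKERS = {
    "jsp", "jspx", "php", "phtml", "groovy", "ftl", "sh", "exe", "war", "jar",
}


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None


def validate_upload(filename: str, content: bytes) -> UploadDecision:
    """Decide whether an upload may be stored; returns a server-chosen name."""
    # 1. Enforce a size window before doing anything else.
    if len(content) == 0 or len(content) > MAX_UPLOAD_BYTES:
        return UploadDecision(False, "size out of range")

    # 2. Drop any directory components the client supplied (both separators).
    base = os.path.basename(filename.replace("\\", "/")).strip()
    if not base or base in {".", ".."}:
        return UploadDecision(False, "empty or invalid filename")

    # 3. Reject control characters, including NUL used for name truncation.
    if any(ord(c) < 0x20 or c == "\x7f" for c in base):
        return UploadDecision(False, "control character in filename")

    # 4. The final extension must be on the allowlist (case-insensitive).
    segments = base.lower().split(".")
    if len(segments) < 2 or not segments[-1]:
        return UploadDecision(False, "missing extension")
    ext = segments[-1]
    if ext not in ALLOWED_SIGNATURES:
        return UploadDecision(False, f"extension not allowlisted: {ext}")

    # 5. No executable marker may hide in an inner segment.
    if any(seg in EXECUTABLE_MARKERS for seg in segments[:-1]):
        return UploadDecision(False, "executable marker in filename")

    # 6. The bytes must look like the type the extension claims.
    if not any(content.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return UploadDecision(False, "content does not match extension")

    # 7. Store under a server-generated name; the client name never reaches disk.
    stored = f"{secrets.token_hex(16)}.{ext}"
    return UploadDecision(True, "ok", stored)


if __name__ == "__main__":
    # Constructed sample inputs.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, data in [
        ("avatar.png", png),
        ("shell.jsp", b"<% out.println(1); %>"),
        ("shell.jsp.png", png),
        ("../../webapps/x.png", png),
        ("payload.png", b"<%@ page %>"),
    ]:
        d = validate_upload(name, data)
        print(f"{name!r:26} -> {d.accepted} ({d.reason})")
```

The ordering matters: size and name sanitation run before any content inspection, the allowlist is checked on the final extension only, and the stored name is generated server-side so that even an accepted file cannot choose its own path or name. A storage location outside the web root, served back only through a handler that sets a fixed content type, completes the mitigation.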

Fix

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2025-59118

Affected Products: Apache Ofbiz