PT-2025-47486 · Unknown · Egovframe-Common-Components

Pierre Barre · Published 2025-11-19 · Updated 2025-11-20 · CVE-2025-34337

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions: eGovFramework/egovframe-common-components versions up to and including 4.3.1

Description: The Web Editor image upload functionality within the software uses symmetric encryption for URL parameters but reveals an encryption oracle. This allows attackers to create valid ciphertext for chosen values. The image upload endpoints /utl/wed/insertImage.do and /utl/wed/insertImageCk.do encrypt server-side paths, filenames, and MIME types, embedding them into a download URL returned to the client. These encrypted parameters are then trusted by other endpoints, such as /utl/web/imageSrc.do and /cmm/fms/getImage.do. An unauthenticated attacker can exploit this to obtain encrypted representations of attacker-chosen identifiers and replay them to file-serving APIs. This bypasses access controls that rely on the secrecy of encrypted parameters, potentially allowing retrieval of arbitrary stored files without proper authorization. The vulnerable parameters are the encrypted server-side paths, filenames, and MIME types.

Recommendations: Versions prior to 4.3.1 should be used.
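
The weakness in the description is that file-serving endpoints treat "this parameter decrypts" as authorization. The sketch below is an added example of the opposite design, not code from eGovFrame: references are opaque file IDs with an HMAC tag bound to the endpoint purpose and the session user, and the serving side authorizes against a server-side record. SERVER_KEY, FILES, issue_token, serve_file and the purpose labels are all assumed names for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key and file records for this example; a real deployment
# would load both from server-side storage.
SERVER_KEY = secrets.token_bytes(32)
FILES = {  # file_id -> (owner, path)
    "f-1001": ("alice", "/data/upload/alice/photo.png"),
    "f-2002": ("bob", "/data/upload/bob/contract.pdf"),
}

def _tag(purpose: str, user: str, file_id: str) -> str:
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (purpose.encode(), user.encode(), file_id.encode()))
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(purpose: str, session_user: str, file_id: str) -> str:
    """Mint a reference only for a file the server stored for this user.

    The token never carries a path, filename or MIME type, so the issuing
    endpoint cannot be used to protect caller-chosen values.
    """
    record = FILES.get(file_id)
    if record is None or record[0] != session_user:
        raise PermissionError("cannot issue a reference for this file")
    return f"{file_id}.{_tag(purpose, session_user, file_id)}"

def serve_file(token: str, purpose: str, session_user: str) -> str:
    """Return the path to serve, or raise PermissionError."""
    file_id, _, tag = token.rpartition(".")
    expected = _tag(purpose, session_user, file_id)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise PermissionError("token not valid for this user and endpoint")
    record = FILES.get(file_id)
    # Authorization comes from the server-side record, not from the token.
    if record is None or record[0] != session_user:
        raise PermissionError("not authorized for this file")
    return record[1]
```

A token issued for one purpose or user is rejected everywhere else, and path, filename and MIME type are looked up server-side instead of being accepted from the URL.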

Exploit

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers: CVE-2025-34337

Affected Products: Egovframe-Common-Components