CVE-2025-13875

Name of the Vulnerable Software and Affected Versions Yohann0617 oci-helper versions through 3.2.4

Description A path traversal weakness exists in Yohann0617 oci-helper up to version 3.2.4. The issue is located within the addCfg function of the OCI Configuration Upload component, specifically in the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java. Manipulation of the File argument can lead to path traversal, allowing for remote exploitation. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions prior to 3.2.4 should be updated. As a temporary workaround, restrict access to the addCfg function until a patch is available. Avoid using the File parameter in the affected function until the issue is resolved.