PT-2025-52451 · Unknown · Turms Ai-Serving

Xzzz111 · Published 2025-12-19 · Updated 2025-12-19 · CVE-2025-66908

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Turms AI-Serving module versions prior to 0.10.0-SNAPSHOT

Description: The software has an issue with how it handles file uploads in the OCR image upload functionality. The system does not properly check the actual content of uploaded files, relying only on the file extension and the Content-Type header provided by the client. This allows an attacker to upload malicious files, such as executables or scripts, disguised as images by setting the Content-Type header to "image/*". The OcrController class, specifically in the file turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java, uses the @FormData(contentType = MediaTypeConst.IMAGE) annotation, which is insufficient for proper validation. This bypass could lead to server-side code execution, stored cross-site scripting (XSS), or information disclosure, depending on how the uploaded files are handled.

Recommendations: Versions prior to 0.10.0-SNAPSHOT should be updated.
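The weakness described above is that the declared Content-Type is trusted as the file's actual type. The following is an added example, not code from the Turms project, showing the kind of content-based check a server should apply instead: the upload is accepted only when its leading bytes carry a known image signature that matches the declared type. The signatures, function names and sample payloads are the example's own assumptions.

```python
from typing import Optional, Tuple

# Magic-byte signatures for the image formats the server is willing to accept.
IMAGE_SIGNATURES = {
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/gif": [b"GIF87a", b"GIF89a"],
}


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the payload's leading bytes, or None."""
    for mime, magics in IMAGE_SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    # WebP: RIFF container with the "WEBP" tag at offset 8.
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def validate_image_upload(declared_content_type: str, data: bytes) -> Tuple[bool, str]:
    """Accept only if the declared type is an image type AND the bytes actually
    start with a matching image signature. Returns (accepted, reason_or_type)."""
    declared = declared_content_type.split(";")[0].strip().lower()
    if not declared.startswith("image/"):
        return False, f"declared type {declared!r} is not an image"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "payload does not start with a known image signature"
    if declared != actual:
        return False, f"declared {declared!r} but content looks like {actual!r}"
    return True, actual


# Constructed sample payloads (not real uploads): a minimal PNG header, and a
# plain script disguised with an image Content-Type, as the advisory describes.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SCRIPT = b"#!/bin/sh\necho not-an-image\n"

if __name__ == "__main__":
    print(validate_image_upload("image/png", SAMPLE_PNG))      # (True, 'image/png')
    print(validate_image_upload("image/png", SAMPLE_SCRIPT))   # rejected: no signature
    print(validate_image_upload("image/jpeg", SAMPLE_PNG))     # rejected: type mismatch
```

A header-only check like this should be paired with a size limit and a storage location that is never served or executed directly.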

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2025-66908

Affected Products: Turms Ai-Serving