CVE-2025-1834

Name of the Vulnerable Software and Affected Versions zj1983 zz versions up to 2024-8

Description A critical issue was found, affecting an unknown part of the file /resolve. The manipulation of the file argument leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 2024-8, consider restricting access to the /resolve file to minimize the risk of exploitation. As a temporary workaround, avoid using the file argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.