CVE-2025-6453

low

Description

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

Exploits
More

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.md#steps-to-reproduce

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250618-01.md

https://vuldb.com/?submit.598862

https://vuldb.com/?id.313560

https://vuldb.com/?ctiid.313560

Details

Source: Mitre, NVD

Published: 2025-06-22

Updated: 2025-06-22

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00039