Detections
Analytics

CVE-2025-7864

low

Description

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.

References

https://vuldb.com/?submit.618189

https://vuldb.com/?id.316977

https://vuldb.com/?ctiid.316977

https://github.com/thinkgem/jeesite5/issues/31#issuecomment-3051363397

https://github.com/thinkgem/jeesite5/issues/31

https://github.com/thinkgem/jeesite5/commit/3585737d21fe490ff6948d913fcbd8d99c41fc08

Details

Source: Mitre, NVD

Published: 2025-07-20

Updated: 2025-07-22

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00043