CVE-2025-11320

Summary

A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Affected Software

VendorProductVersion RangeStatus
zhuimengshaonianwisdom-education1.0.0affected
zhuimengshaonianwisdom-education1.0.1affected
zhuimengshaonianwisdom-education1.0.2affected
zhuimengshaonianwisdom-education1.0.3affected
zhuimengshaonianwisdom-education1.0.4affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References