CVE-2025-4305

Summary

A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
kefamingmayi1.3.0affected
kefamingmayi1.3.1affected
kefamingmayi1.3.2affected
kefamingmayi1.3.3affected
kefamingmayi1.3.4affected
kefamingmayi1.3.5affected
kefamingmayi1.3.6affected
kefamingmayi1.3.7affected
kefamingmayi1.3.8affected
kefamingmayi1.3.9affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References