CVE-2025-7864

Summary

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
thinkgemJeeSite5.0affected
thinkgemJeeSite5.1affected
thinkgemJeeSite5.2affected
thinkgemJeeSite5.3affected
thinkgemJeeSite5.4affected
thinkgemJeeSite5.5affected
thinkgemJeeSite5.6affected
thinkgemJeeSite5.7affected
thinkgemJeeSite5.8affected
thinkgemJeeSite5.9affected
thinkgemJeeSite5.10affected
thinkgemJeeSite5.11affected
thinkgemJeeSite5.12.0affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References