CVE-2025-8343

Summary

A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
openvigletshio0.3.0affected
openvigletshio0.3.1affected
openvigletshio0.3.2affected
openvigletshio0.3.3affected
openvigletshio0.3.4affected
openvigletshio0.3.5affected
openvigletshio0.3.6affected
openvigletshio0.3.7affected
openvigletshio0.3.8affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References