CVE-2025-8344

Summary

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
openvigletshio0.3.0affected
openvigletshio0.3.1affected
openvigletshio0.3.2affected
openvigletshio0.3.3affected
openvigletshio0.3.4affected
openvigletshio0.3.5affected
openvigletshio0.3.6affected
openvigletshio0.3.7affected
openvigletshio0.3.8affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References