CVE-2025-8965

Summary

A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
linlinjavalitemall1.0affected
linlinjavalitemall1.1affected
linlinjavalitemall1.2affected
linlinjavalitemall1.3affected
linlinjavalitemall1.4affected
linlinjavalitemall1.5affected
linlinjavalitemall1.6affected
linlinjavalitemall1.7affected
linlinjavalitemall1.8.0affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References