CVE-2025-1818: zj1983 zz ZfileAction.upload unrestricted upload
First published: Sun Mar 02 2025(Updated: )
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| zj1983 zz | <=2024-8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1818?
CVE-2025-1818 has been classified as critical due to its potential for unrestricted file uploads.
How do I fix CVE-2025-1818?
To fix CVE-2025-1818, ensure that file upload functionality in zj1983 zz version 2024-8 or earlier is properly validated and restricted.
What versions are affected by CVE-2025-1818?
CVE-2025-1818 affects zj1983 zz up to version 2024-8.
What kind of attack can exploit CVE-2025-1818?
CVE-2025-1818 can be exploited to perform an unrestricted file upload, potentially allowing malicious files to be uploaded to the server.
Is there a workaround for CVE-2025-1818?
A workaround for CVE-2025-1818 involves implementing file type and size restrictions on uploads until a patch can be applied.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/description
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/zj1983
- canonical/zj1983 zz