CVE-2025-4258: zhangyanbo2007 youkefu MediaController.java upload unrestricted upload
First published: Mon May 05 2025(Updated: )
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| zhangyanbo2007 youkefu | <=4.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4258?
CVE-2025-4258 is classified as a critical vulnerability.
Which versions of youkefu are affected by CVE-2025-4258?
CVE-2025-4258 affects zhangyanbo2007 youkefu versions up to 4.2.0.
How do I fix CVE-2025-4258?
To fix CVE-2025-4258, update to the latest version of youkefu beyond 4.2.0.
What type of vulnerability is CVE-2025-4258?
CVE-2025-4258 is a vulnerability that allows manipulation of the upload function in the MediaController.java file.
Who is the vendor of the software affected by CVE-2025-4258?
The vendor of the affected software is zhangyanbo2007.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/zhangyanbo2007
- canonical/zhangyanbo2007 youkefu