CVE-2025-4259: newbee-mall UploadController.java upload unrestricted upload
First published: Mon May 05 2025(Updated: )
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| newbee-mall |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4259?
CVE-2025-4259 is classified as a critical vulnerability.
How do I fix CVE-2025-4259?
To fix CVE-2025-4259, implement input validation and restrict file uploads to only permitted file types.
What is the impact of exploiting CVE-2025-4259?
Exploitation of CVE-2025-4259 can lead to unrestricted file uploads, potentially allowing attackers to execute arbitrary code.
Which versions of newbee-mall are affected by CVE-2025-4259?
CVE-2025-4259 affects newbee-mall version 1.0.
What component of newbee-mall is vulnerable in CVE-2025-4259?
The vulnerability in CVE-2025-4259 is found in the Upload function of UploadController.java.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/newbee-mall
- canonical/newbee-mall