CVE-2025-4533: JeecgBoot Document Library Upload zip unzipFile resource consumption
First published: Sun May 11 2025(Updated: )
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JeecgBoot | <=3.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4533?
CVE-2025-4533 is classified as a problematic vulnerability.
How do I fix CVE-2025-4533?
To fix CVE-2025-4533, you need to upgrade JeecgBoot to a version higher than 3.8.0.
What components are affected by CVE-2025-4533?
CVE-2025-4533 affects the Document Library Upload component in JeecgBoot.
What specific function is exploited in CVE-2025-4533?
The vulnerability in CVE-2025-4533 exploits the function unzipFile within the application.
Which versions of JeecgBoot are impacted by CVE-2025-4533?
CVE-2025-4533 affects JeecgBoot versions up to and including 3.8.0.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/jeecg
- canonical/jeecgboot