CVE-2025-0401 MEDIUM

CVE-2025-0401: 1902756969 reggie CommonController.java download path traversal

Vendor 1902756969

Product reggie

Weakness CWE-22 · Path traversal

Published January 12, 2025

Last update January 13, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

January 12, 2025 CVE published

January 13, 2025 Record updated