CVE-2025-12626 MEDIUM

CVE-2025-12626: jeecgboot jeewx-boot WxActGoldeneggsPrizesController.java getImgUrl path traversal

Vendor Jeecgboot

Product jeewx-boot

Weakness CWE-22 · Path traversal

Published November 3, 2025

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The root cause was initially fixed but can be evaded with additional encoding.

Key dates

Disclosure timeline

November 3, 2025 CVE published

November 3, 2025 Record updated

Identifiers

CVE CVE-2025-12626

CWE CWE-22

CVSS 5.3 / MEDIUM

Affected versions

Vendor Jeecgboot

Product jeewx-boot

Affected 641ab52c3e1845fec39996d7794c33fb40dad1dd