CVE-2025-15152 MEDIUM

CVE-2025-15152: h-moses moga-mall PmsProductController.java addProduct unrestricted upload

Vendor H-Moses

Product moga-mall

Weakness CWE-434 · Unrestricted file upload

Published December 28, 2025

Last update December 29, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

Description

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

Key dates

Disclosure timeline

December 28, 2025 CVE published

December 29, 2025 Record updated

Identifiers

CVE CVE-2025-15152

CWE CWE-434

CVSS 5.3 / MEDIUM

Affected versions

Vendor H-Moses

Product moga-mall

Affected 392d631a5ef15962a9bddeeb9f1269b9085473fa