CVE-2025-3381 MEDIUM

CVE-2025-3381: zhangyanbo2007 youkefu File Upload WebIMController.java path traversal

Vendor Zhangyanbo2007

Product youkefu

Weakness CWE-22 · Path traversal

Published April 7, 2025

Last update April 8, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

April 7, 2025 CVE published

April 8, 2025 Record updated