CVE-2025-3830 MEDIUM

CVE-2025-3830: kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload

Vendor Kuangstudy
Product KuangSimpleBBS
Weakness CWE-434 · Unrestricted file upload
Published April 20, 2025
Last update April 21, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0 and has been declared critical. It affects the function fileUpload in the file src/main/java/com/kuang/controller/QuestionController.java. Manipulating the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

April 20, 2025 CVE published
April 21, 2025 Record updated