CVE-2025-4893 MEDIUM

CVE-2025-4893: jammy928 CoinExchange_CryptoExchange_Java File Upload Endpoint UploadFileUtil.java uploadLocalImage path traversal

Vendor Jammy928

Product CoinExchange_CryptoExchange_Java

Weakness CWE-22 · Path traversal

Published May 18, 2025

Last update May 19, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework/core/src/main/java/com/bizzan/bitrade/util/UploadFileUtil.java of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Key dates

Disclosure timeline

May 18, 2025 CVE published

May 19, 2025 Record updated

Identifiers

CVE CVE-2025-4893

CWE CWE-22

CVSS 5.3 / MEDIUM

Affected versions

Vendor Jammy928

Product CoinExchange_CryptoExchange_Java

Affected 8adf508b996020d3efbeeb2473d7235bd01436fa