CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload

Vendor: Apache Software Foundation
Product: Apache OFBiz
Weakness: CWE-434 (Unrestricted file upload)
Published: November 12, 2025
Last update: November 12, 2025

What the vulnerability does

Description

An Unrestricted Upload of File with Dangerous Type vulnerability exists in Apache OFBiz. This issue affects Apache OFBiz versions before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Key dates

Disclosure timeline

November 12, 2025: CVE published
November 12, 2025: Record updated