CVE-2025-6108 MEDIUM

CVE-2025-6108: hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal

Vendor Hansonwang99

Product Spring-Boot-In-Action

Weakness CWE-22 · Path traversal

Published June 16, 2025

Last update June 16, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

June 16, 2025 CVE published

June 16, 2025 Record updated

Identifiers

CVE CVE-2025-6108

CWE CWE-22

CVSS 5.3 / MEDIUM

Affected versions

Vendor Hansonwang99

Product Spring-Boot-In-Action

Affected 807fd37643aa774b94fd004cc3adbd29ca17e9aa