CVE-2025-6453 MEDIUM

CVE-2025-6453: diyhi bbs API ForumManageAction.java add path traversal

Vendor Diyhi

Product bbs

Weakness CWE-22 · Path traversal

Published June 22, 2025

Last update June 23, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability classified as critical has been found in diyhi bbs 6.8. Affected is the function Add of the file /src/main/java/cms/web/action/template/ForumManageAction.java of the component API. The manipulation of the argument dirName leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

Disclosure timeline

June 22, 2025 CVE published

June 23, 2025 Record updated