CNNVD-202511-2197 Information

Nov 19, 2025 cve

CNNVD ID

CNNVD-202511-2197

CVE-2025-34336

CNNVD Published: 2025-11-19

Description (Chinese)

egovframe-common-components是e-Government Standard Framework Center开源的一个常用函数集合。 egovframe-common-components 4.3.1及之前版本存在安全漏洞，该漏洞源于未经验证的文件上传端点，可能导致任意文件上传。

Description (English)

egovframe-common-components are a common set of functions for e-Governance Standard Framework Center. There is a security gap in egovframe-common-components 4.3.1 and earlier versions, which stems from the uploading of unverified documents, which may lead to any uploading of documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

e-Government Standard Framework Center

Published

2025-11-19

Last Modified

2026-02-24

References

https://pierrekim.github.io/advisories/2025-egovframe.txt https://pierrekim.github.io/blog/2025-11-20-egovframe-2-vulnerabilities.html https://www.egovframe.go.kr/eng/sub.do?menuNo=2 https://www.vulncheck.com/advisories/egovframework-unauthenticated-file-upload-via-web-editor-image-upload-endpoints https://github.com/eGovFramework/egovframe-common-components https://access.redhat.com/security/cve/cve-2025-34336

Share on: