CNNVD-202512-3728 Information

CNNVD ID

CNNVD-202512-3728

Related CVE

CVE-2025-66908

• CNNVD Published: 2025-12-19

Description (Chinese)

turms是turms-im开源的一个即时通讯引擎。 turms AI-Serving module v0.10.0-SNAPSHOT及之前版本存在安全漏洞，该漏洞源于OCR图像上传功能中文件类型验证不当，可能导致服务器端代码执行。

Description (English)

Turms is an instant communication engine for the turms-im open source. There is a security loophole in the turms AI-Serving Modeule v. 0.10.0-SNAPSHOT and previous versions, which stems from the inappropriate authentication of the file type in the OCR image upload function, which may lead to server end-code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

turms-im

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66908_report.md https://github.com/turms-im/turms https://github.com/turms-im/turms/blob/develop/turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java https://access.redhat.com/security/cve/cve-2025-66908