CVE-2025-6925 Information

Jul 01, 2025 cve

Description

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250620-01/report.md https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250620-01/report.md https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250620-01/report.md#steps-to-reproduce https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250620-01/report.md#steps-to-reproduce https://vuldb.com/?ctiid.314437 https://vuldb.com/?id.314437 https://vuldb.com/?submit.600948

CNNVD-202506-3782 (Published: 2025-06-30)

Share on:

CVE-2025-6925 Information

Description

Reference

Related CNNVD