CVE-2025-7488 Information

Jul 13, 2025 cve

Description

A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore no version details of affected nor updated releases are available.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://github.com/JoeyBling/SpringBoot_MyBatisPlus/issues/18 https://vuldb.com/?ctiid.316138 https://vuldb.com/?id.316138 https://vuldb.com/?submit.609343

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3

CNNVD-202507-1749 (Published: 2025-07-12)

Share on: