CVE-2025-4511
Description
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component quick-img2txt. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CWE
- CWE-22 — Path Traversal
Affected
- vector4wang / spring-boot-quick — v=20250422 [affected]
CVSS
- 4.0 score=5.3 severity=MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N - 3.1 score=6.3 severity=MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - 3.0 score=6.3 severity=MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - 2.0 score=6.5 severity=
AV:N/AC:L/Au:S/C:P/I:P/A:P
References
- https://vuldb.com/?id.308231 vdb-entry, technical-description
- https://vuldb.com/?ctiid.308231 signature, permissions-required
- https://vuldb.com/?submit.563538 third-party-advisory
- https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250422-01.md exploit
Source
cvelistV5-main/cves/2025/4xxx/CVE-2025-4511.json