CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

July 12, 2025

CVE ID : CVE-2025-7488

Published : July 12, 2025, 8:15 p.m. | 2 hours, 27 minutes ago

Description : A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7489 – “PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability”

Next Article CVE-2025-7487 – JoeyBling SpringBoot_MyBatisPlus Unrestricted File Upload Vulnerability

Highlights

CVE-2024-56918 – Netbox Community XSS Vulnerability

June 24, 2025

CVE ID : CVE-2024-56918

Published : June 24, 2025, 5:15 p.m. | 1 hour, 38 minutes ago

Description : In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Revisiting Image Maps

projektgopher/whisky

Inside the Frontier of AI, WebXR & Real-Time 3D: Crafting KODE Immersive

State of CSS 2025

CVE-2024-56918 – Netbox Community XSS Vulnerability

A Complete Guide to E-Commerce Website Test Cases

Junaid Akram receive a negative impact after posting recent video

CVE-2025-46254 – Visual Composer Cross-Site Scripting (XSS)

CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

Related Posts