CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

July 12, 2025

CVE ID : CVE-2025-7488

Published : July 12, 2025, 8:15 p.m. | 2 hours, 27 minutes ago

Description : A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7489 – “PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability”

Next Article CVE-2025-7487 – JoeyBling SpringBoot_MyBatisPlus Unrestricted File Upload Vulnerability

Highlights

CVE-2025-53106 – Graylog API Token Privilege Escalation Vulnerability

July 2, 2025

CVE ID : CVE-2025-53106

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > “Allow users to create personal access tokens”.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

DistroWatch Weekly, Issue 1130

Distribution Release: GParted Live 1.7.0-8

Distribution Release: CachyOS 250713

Most AI projects are abandoned – 5 ways to ensure your data efforts succeed

The details of TC39’s last meeting

The details of TC39’s last meeting

new Date(“wtf”) – How well do you know JavaScript’s Date class?

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

DistroWatch Weekly, Issue 1130

DistroWatch Weekly, Issue 1130

Distribution Release: GParted Live 1.7.0-8

Distribution Release: CachyOS 250713

CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

CVE-2025-20996 – Samsung Smart Switch Authorization Bypass

CVE-2025-46788 – Zoom Workplace Certificate Validation Information Disclosure Vulnerability

Laravel Simple RabbitMQ Package

I managed to buy a Nintendo Switch 2 – and it’s easy to see why it’s flying off shelves

CVE-2025-53106 – Graylog API Token Privilege Escalation Vulnerability

I lost my favorite wireless earbuds for 6 months – only to find them with a big surprise

CVE-2025-4589 – WordPress Bon Toolkit Stored Cross-Site Scripting Vulnerability

CVE-2025-23252 – NVIDIA NVDebug Unrestricted Access Information Disclosure Vulnerability

CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

Related Posts