CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

May 1, 2025

CVE ID : CVE-2025-4175

Published : May 1, 2025, 9:15 p.m. | 2 hours, 11 minutes ago

Description : A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.jav of the component Upload Profile API Endpoint. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1333 – IBM MQ Container Keycloak Information Disclosure

Next Article CVE-2024-48907 – Sematell ReplyOne 7.4.3.0 allows SSRF via the appl

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Linux-lek geeft aanvaller roottoegang: “organisaties moeten meteen patchen”

GitHub Availability Report: May 2025

CVE-2025-4265 – PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability

CVE-2025-32928 – ThemeGoods Altair Object Injection Vulnerability

Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux

CVE-2025-45015 – PHPGurukul Park Ticketing Management System Cross-Site Scripting (XSS)

CVE-2025-43922 – FileWave Windows Privilege Escalation

Streamline Mass Insertions with Laravel’s fillAndInsert() Method

Meet Xata Agent: An Open Source Agent for Proactive PostgreSQL Monitoring, Automated Troubleshooting, and Seamless DevOps Integration

CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

Related Posts