CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

May 1, 2025

CVE ID : CVE-2025-4175

Published : May 1, 2025, 9:15 p.m. | 2 hours, 11 minutes ago

Description : A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.jav of the component Upload Profile API Endpoint. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1333 – IBM MQ Container Keycloak Information Disclosure

Next Article CVE-2024-48907 – Sematell ReplyOne 7.4.3.0 allows SSRF via the appl

Highlights

CVE-2025-54132 – “Cursor Mermaid Image Exfiltration Vulnerability”

August 1, 2025

CVE ID : CVE-2025-54132

Published : Aug. 1, 2025, 11:15 p.m. | 19 minutes ago

Description : Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render diagrams) allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled server through an image fetch after successfully performing a prompt injection. A malicious model (or hallucination/backdoor) might also trigger this exploit at will. This issue requires prompt injection from malicious data (web, image upload, source code) in order to exploit. In that case, it can send sensitive information to an attacker-controlled external server. This is fixed in version 1.3.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

Development Release: Fedora 43 Beta

Distribution Release: Murena 3.1.1

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Microsoft Copilot will soon help you prioritize emails in Outlook

Google Researchers Introduced LSM-2 with Adaptive and Inherited Masking (AIM): Enabling Direct Learning from Incomplete Wearable Data

Recreating Palmer’s Draggable Product Grid with GSAP

T-Mobile’s Starlink satellite service launches in July – here’s who can get it for free

CVE-2025-54132 – “Cursor Mermaid Image Exfiltration Vulnerability”

Tailwind’s @apply Feature is Better Than it Sounds

RustoBot Botnet Exploits Router Flaws in Sophisticated Attacks

CVE-2025-9179 – “Firefox/Thunderbird GMP Memory Corruption Vulnerability”

CVE-2025-4175 – AlanBinu007 Spring-Boot-Advanced-Projects Path Traversal Vulnerability

Related Posts