CVE-2025-4768 – Feng Ha Ha/MegaGao SSM-ERP and Production SSM Unrestricted File Upload Vulnerability

May 16, 2025

CVE ID : CVE-2025-4768

Published : May 16, 2025, 10:15 a.m. | 2 hours, 7 minutes ago

Description : A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40630 – IceWarp Mail Server Open Redirection Vulnerability

Next Article CVE-2025-4767 – Defog-ai Introspect Code Injection Vulnerability

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-4768 – Feng Ha Ha/MegaGao SSM-ERP and Production SSM Unrestricted File Upload Vulnerability

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Cyber Brief 25-07 – June 2025

Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Google Docs Can Now Edit Encrypted Word Files But Only in Beta As Of Now

CVE-2025-5846 – GitLab EE GraphQL Framework Assignment Vulnerability

What Are the Different Font Styles?

MonetDB is a high performance relational database system for analytics

Shattering Boundaries with Perficient’s Digital Expertise and Global Strategy

This app fixes the Windows 11 Start menu, and it now works with Snapdragon PCs

CVE-2025-4768 – Feng Ha Ha/MegaGao SSM-ERP and Production SSM Unrestricted File Upload Vulnerability

Related Posts