CVE-2025-4893 – Jammy928 CoinExchange CryptoExchange Java File Upload Path Traversal Vulnerability

May 18, 2025

CVE ID : CVE-2025-4893

Published : May 18, 2025, 8:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework/core/src/main/java/com/bizzan/bitrade/util/UploadFileUtil.java of the component File Upload Endpoint. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4895 – SourceCodester Doctors Appointment System SQL Injection Vulnerability

Next Article CVE-2025-4894 – Calmkart Django-sso-server RSA Key Encryption Weakness

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-4893 – Jammy928 CoinExchange CryptoExchange Java File Upload Path Traversal Vulnerability

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

CVE-2025-48121 – Steve Puddick WP Notes Widget Cross-site Scripting

The easiest way to try out Ubuntu Linux

Windows 11 KB5055523 install fails, Windows Hello not working (April 2025 Update issues)

Cisco waarschuwt voor kritiek Erlang/OTP SSH-lek in eigen producten

CVE-2025-48125 – WP Event Manager PHP Remote File Inclusion Vulnerability

CVE-2025-52877 – JetBrains TeamCity Reflected XSS Vulnerability

The Ampere Porting Advisor Tutorial

Develop a Multi-Tool AI Agent with Secure Python Execution using Riza and Gemini

CVE-2025-4893 – Jammy928 CoinExchange CryptoExchange Java File Upload Path Traversal Vulnerability

Related Posts