CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

July 12, 2025

CVE ID : CVE-2025-7488

Published : July 12, 2025, 8:15 p.m. | 2 hours, 27 minutes ago

Description : A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7489 – “PHPGurukul Vehicle Parking Management System SQL Injection Vulnerability”

Next Article CVE-2025-7487 – JoeyBling SpringBoot_MyBatisPlus Unrestricted File Upload Vulnerability

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

CVE-2025-3283 – “Apache Struts Deserialization Remote Code Execution Vulnerability”

AI Spam Threatens cURL’s Bug Bounty Program: Developer Considers Shutting It Down

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks

CVE-2025-46827 – Graylog HTML Form Cookie Disclosure

Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability

These OnePlus flagship earbuds were already a great deal, but now they’re $40 off

CVE-2025-4903 – D-Link DI-7003GV2 Authentication Bypass Vulnerability

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

CVE-2025-7488 – JoeyBling SpringBoot_MyBatisPlus Remote File Path Traversal Vulnerability

Related Posts