CVE-2025-4533

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4533

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4533.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4533

Published

2025-05-11T07:15:15.430Z

Modified

2026-04-10T05:27:13.397456Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/jeecgboot/jeecg-boot

Affected ranges

Type

GIT

Repo

https://github.com/jeecgboot/jeecg-boot

Events

Introduced

Last affected

c8e33d43cbd77d0b5bbe9f791d9ace159c500627

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.0"
        }
    ]
}

Affected versions

2.*

2.2.0

2.3.0

2.4.0

2.4.1

2.4.5

v2.*

v2.0.2

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.2.1

v2.3

v2.3.0

v2.4.1

v2.4.2

v2.4.3

v2.4.5

v2.4.6

v3.*

v3.0

v3.0.0

v3.1.0

v3.2.0

v3.4.0

v3.4.2

v3.4.3

v3.4.3last

v3.4.4

v3.4.4last

v3.5.0

v3.5.1

v3.5.1last

v3.5.3

v3.5.5

v3.5.5last

v3.6.0

v3.6.1

v3.6.2

v3.6.2last

v3.6.3

v3.6.3last

v3.7.0

v3.7.0_all

v3.7.0_all_last

v3.7.0last_springboot3

v3.7.1

v3.7.1last

v3.7.2

v3.7.3

v3.8.0

v3.8.0last

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4533.json"