CVE-2025-7864

Source
https://cve.org/CVERecord?id=CVE-2025-7864
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7864.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-7864
Published
2025-07-20T03:15:24.240Z
Modified
2026-04-10T05:37:05.201716Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.

References

Affected packages

Git / github.com/thinkgem/jeesite

Affected ranges

Type
GIT
Repo
https://github.com/thinkgem/jeesite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.12.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/thinkgem/jeesite5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v4.*
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.8
v4.1.8.1
v4.1.8.2
v4.1.9
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.3.1
v4.2.3.2
v4.3.0
v4.3.0.2
v5.*
v5.0.0
v5.0.0.1
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.10.0.springboot3
v5.10.1.springboo3
v5.11.0.springboo3
v5.11.1.springboo3
v5.12.0.springboo3
v5.12.0.vue
v5.2.0
v5.2.1
v5.2.2
v5.3.0
v5.3.1
v5.3.2
v5.4.0
v5.5.0
v5.5.1
v5.5.2
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.8.1
v5.9.0
v5.9.1
v5.9.1.springboot3
v5.9.2.springboot3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7864.json"