CVE-2025-8344

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-8344
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8344.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8344
Published
2025-07-31T02:15:27.800Z
Modified
2026-04-10T05:39:02.635545Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/openviglet/shio

Affected ranges

Type
GIT
Repo
https://github.com/openviglet/shio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
870790aaecb11aa0bc074ee2181c20215bc7f0f9
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3.8"
        }
    ]
}

Affected versions

v0.*
v0.3.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8344.json"