CVE-2025-8753

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-8753
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8753.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8753
Published
2025-08-09T14:15:26.877Z
Modified
2026-04-10T05:36:26.333769Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/linlinjava/litemall

Affected ranges

Type
GIT
Repo
https://github.com/linlinjava/litemall
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
97338d20928527485650def8e7681816cc7e19f4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.8.0"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.10.0
v0.10.1
v0.10.2
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
v1.*
v1.0.0
v1.0.0.rc0
v1.0.0.rc1
v1.1.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.6.1
v1.7.0
v1.8.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8753.json"