CVE-2025-9461

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-9461

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9461.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9461

Published

2025-08-26T03:15:32.073Z

Modified

2026-03-14T12:46:41.983708Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

References

Affected packages

Git / github.com/diyhi/bbs

Affected ranges

Type

GIT

Repo

https://github.com/diyhi/bbs

Events

Introduced

Last affected

2d4ce4e8560622a066845654d3be8e6568f17f18

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.8"
        }
    ]
}

Affected versions

3.*

3.6

4.*

4.0

4.1

4.2

4.3

4.4

4.5

4.6

4.7

4.8

4.9

5.*

5.0

5.1

5.2

5.3

5.4

5.5

5.6

5.7

5.8

5.9

6.*

6.0

6.1

6.2

6.3

6.4

6.5

6.6

6.7

6.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9461.json"