CVE-2025-9795

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-9795

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9795.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-9795

Published

2025-09-01T21:15:29.607Z

Modified

2025-11-20T12:41:00.306521Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References

Affected packages

Git / github.com/xujeff/tianti

Affected ranges

Type: GIT
Repo: https://github.com/xujeff/tianti
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

dd545065a4bc685c2e9dfb8898c477bc6d194075

Affected versions

1.*

1.0.0

1.1.0

1.2.0

2.*

2.0

2.0.0

2.1.0

2.2.0

2.3