VIR Vulnerability Intelligence Relay

CVE-2025-8841

medium
Published 2025-08-11 · Modified 2026-04-29
CVSS v3
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v2
6.5
VIR risk
6.1

Description

A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Predictions

Exploit likelihood
71%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/zlt2000/microservices-platform/issues/77

Application impact
VendorProductVersionsFixed
zlt2000microservices-platform{"endIncluding":"6.0.0"}

References

CWEs

CWE-284 CWE-434

Verify integrity in audit chain (admin only). AS-IS.