CVE-2025-8841

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-8841
A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://github.com/zlt2000/microservices-platform/issues/77 Exploit Issue Tracking Vendor Advisory
https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808 Exploit Issue Tracking Vendor Advisory
https://vuldb.com/?ctiid.319375 Permissions Required VDB Entry
https://vuldb.com/?id.319375 Third Party Advisory VDB Entry
https://vuldb.com/?submit.623100 Third Party Advisory VDB Entry
https://github.com/zlt2000/microservices-platform/issues/77 Exploit Issue Tracking Vendor Advisory
https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zlt2000:microservices-platform:*:*:*:*:*:*:*:*
History

16 Sep 2025, 18:51

Type Values Removed Values Added
First Time Zlt2000
Zlt2000 microservices-platform
CPE cpe:2.3:a:zlt2000:microservices-platform:*:*:*:*:*:*:*:*
References () https://github.com/zlt2000/microservices-platform/issues/77 - () https://github.com/zlt2000/microservices-platform/issues/77 - Exploit, Issue Tracking, Vendor Advisory
References () https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808 - () https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808 - Exploit, Issue Tracking, Vendor Advisory
References () https://vuldb.com/?ctiid.319375 - () https://vuldb.com/?ctiid.319375 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.319375 - () https://vuldb.com/?id.319375 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.623100 - () https://vuldb.com/?submit.623100 - Third Party Advisory, VDB Entry

11 Aug 2025, 13:15

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad en zlt2000 microservices-platform hasta la versión 6.0.0. Esta vulnerabilidad afecta la función de carga del archivo zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. La manipulación permite una carga sin restricciones. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado.
References () https://github.com/zlt2000/microservices-platform/issues/77 - () https://github.com/zlt2000/microservices-platform/issues/77 -
References () https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808 - () https://github.com/zlt2000/microservices-platform/issues/77#issue-3264841808 -

11 Aug 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-11 10:15

Updated : 2025-09-16 18:51

NVD link : CVE-2025-8841

Mitre link : CVE-2025-8841

CVE.ORG link : CVE-2025-8841

JSON object : View

Products Affected

zlt2000

  • microservices-platform
CWE
CWE-284

Improper Access Control

CWE-434

Unrestricted Upload of File with Dangerous Type