Vulnerability Description
A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routes\bf\product.js. The manipulation of the argument pictrdtz leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/zhousg/letao/issues/13
- https://github.com/zhousg/letao/issues/13#issue-2977017027
- https://vuldb.com/?ctiid.317513
- https://vuldb.com/?id.317513
- https://vuldb.com/?submit.619740
FAQ
What is CVE-2025-8128?
CVE-2025-8128 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability, which was classified as critical, has been found in zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98. This issue affects some unknown processing of the file routes\bf\produ...
How severe is CVE-2025-8128?
CVE-2025-8128 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8128?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.