Vulnerability Description
A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tianti Project | Tianti | <= 2.3 |
Related Weaknesses (CWE)
References
- https://github.com/xujeff/tianti/issues/43ExploitIssue Tracking
- https://github.com/xujeff/tianti/issues/43#issue-3287851827Exploit
- https://vuldb.com/?ctiid.322110Permissions RequiredVDB Entry
- https://vuldb.com/?id.322110Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.641122Third Party AdvisoryVDB Entry
- https://github.com/xujeff/tianti/issues/43ExploitIssue Tracking
- https://github.com/xujeff/tianti/issues/43#issue-3287851827Exploit
FAQ
What is CVE-2025-9795?
CVE-2025-9795 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipu...
How severe is CVE-2025-9795?
CVE-2025-9795 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9795?
Check the references section above for vendor advisories and patch information. Affected products include: Tianti Project Tianti.