Security Advisory

CVE-2025-61189

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-01 00:00:00
Last updated 2025-10-01 20:20:03
Assigner mitre
State PUBLISHED

Description

Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server.