CVE-2025-4533 (GCVE-0-2025-4533)
Vulnerability from cvelistv5
Published
2025-05-11 06:31
Modified
2025-05-12 13:39
Severity ?
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.7 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE
Summary
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
cna@vuldb.com https://github.com/jeecgboot/JeecgBoot/issues/8199 Exploit, Issue Tracking, Third Party Advisory
cna@vuldb.com https://github.com/jeecgboot/JeecgBoot/issues/8199#issue-3022937633 Exploit, Issue Tracking, Third Party Advisory
cna@vuldb.com https://github.com/jeecgboot/JeecgBoot/issues/8199#issuecomment-2834691016 Exploit, Issue Tracking, Third Party Advisory
cna@vuldb.com https://vuldb.com/?ctiid.308278 Permissions Required, VDB Entry
cna@vuldb.com https://vuldb.com/?id.308278 Third Party Advisory, VDB Entry
cna@vuldb.com https://vuldb.com/?submit.566192 Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
n/a JeecgBoot Version: 3.0
Version: 3.1
Version: 3.2
Version: 3.3
Version: 3.4
Version: 3.5
Version: 3.6
Version: 3.7
Version: 3.8.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4533",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T13:38:45.446655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T13:39:06.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Document Library Upload"
          ],
          "product": "JeecgBoot",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "status": "affected",
              "version": "3.8.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "lem0n817 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "In JeecgBoot bis 3.8.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion unzipFile der Datei /jeecg-boot/airag/knowledge/doc/import/zip der Komponente Document Library Upload. Durch die Manipulation des Arguments File mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 3.3,
            "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-11T06:31:04.456Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308278 | JeecgBoot Document Library Upload zip unzipFile resource consumption",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.308278"
        },
        {
          "name": "VDB-308278 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.308278"
        },
        {
          "name": "Submit #566192 | guojusoft JeecgBoot v3.8.0 Resource Consumption",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.566192"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/jeecgboot/JeecgBoot/issues/8199"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/jeecgboot/JeecgBoot/issues/8199#issuecomment-2834691016"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/jeecgboot/JeecgBoot/issues/8199#issue-3022937633"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-05-10T07:56:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "JeecgBoot Document Library Upload zip unzipFile resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4533",
    "datePublished": "2025-05-11T06:31:04.456Z",
    "dateReserved": "2025-05-10T05:49:33.651Z",
    "dateUpdated": "2025-05-12T13:39:06.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-4533\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-05-11T07:15:15.430\",\"lastModified\":\"2025-12-31T01:00:06.310\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en JeecgBoot hasta la versi\u00f3n 3.8.0. Esta vulnerabilidad afecta la funci\u00f3n unzipFile del archivo /jeecg-boot/airag/knowledge/doc/import/zip del componente Document Library Upload. La manipulaci\u00f3n del argumento File provoca el consumo de recursos. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:M/C:N/I:N/A:P\",\"baseScore\":3.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"MULTIPLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.4,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jeecg:jeecg_boot:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.8.0\",\"matchCriteriaId\":\"F8DA77D9-1524-4A19-8F61-479B442831F8\"}]}]}],\"references\":[{\"url\":\"https://github.com/jeecgboot/JeecgBoot/issues/8199\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jeecgboot/JeecgBoot/issues/8199#issue-3022937633\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jeecgboot/JeecgBoot/issues/8199#issuecomment-2834691016\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.308278\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.308278\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.566192\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"JeecgBoot Document Library Upload zip unzipFile resource consumption\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"lem0n817 (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 3.3, \"vectorString\": \"AV:N/AC:L/Au:M/C:N/I:N/A:P\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"Document Library Upload\"], \"product\": \"JeecgBoot\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0\"}, {\"status\": \"affected\", \"version\": \"3.1\"}, {\"status\": \"affected\", \"version\": \"3.2\"}, {\"status\": \"affected\", \"version\": \"3.3\"}, {\"status\": \"affected\", \"version\": \"3.4\"}, {\"status\": \"affected\", \"version\": \"3.5\"}, {\"status\": \"affected\", \"version\": \"3.6\"}, {\"status\": \"affected\", \"version\": \"3.7\"}, {\"status\": \"affected\", \"version\": \"3.8.0\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-05-10T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-05-10T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-05-10T07:56:31.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.308278\", \"name\": \"VDB-308278 | JeecgBoot Document Library Upload zip unzipFile resource consumption\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.308278\", \"name\": \"VDB-308278 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.566192\", \"name\": \"Submit #566192 | guojusoft JeecgBoot v3.8.0 Resource Consumption\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/jeecgboot/JeecgBoot/issues/8199\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/jeecgboot/JeecgBoot/issues/8199#issuecomment-2834691016\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/jeecgboot/JeecgBoot/issues/8199#issue-3022937633\", \"tags\": [\"exploit\", \"issue-tracking\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\"}, {\"lang\": \"de\", \"value\": \"In JeecgBoot bis 3.8.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um die Funktion unzipFile der Datei /jeecg-boot/airag/knowledge/doc/import/zip der Komponente Document Library Upload. Durch die Manipulation des Arguments File mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \\u00fcber das Netzwerk erfolgen. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"Denial of Service\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-05-11T06:31:04.456Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4533\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-12T13:38:45.446655Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-05-12T13:38:53.339Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-4533\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-11T06:31:04.456Z\", \"dateReserved\": \"2025-05-10T05:49:33.651Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-05-11T06:31:04.456Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.