CVE-2025-0401

MEDIUM

Reggie 1.0 - Path Traversal

Title source: llm

Description

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (3)

nomisec WORKING POC 36 stars

by JoasASantos · poc

https://github.com/JoasASantos/CVE-2025-0401

View Code ZIP pw:eip

nomisec WORKING POC 36 stars

by CyberSecurityUP · poc

https://github.com/CyberSecurityUP/CVE-2025-0401

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Darabium · poc

https://github.com/Darabium/Gombruc

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.291276

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.291276

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.473322

[Issue Tracking] https://github.com/1902756969/reggie/issues/1

[Not Applicable] https://github.com/1902756969/reggie/issues/1#issue-2765577260

Scores

CVSS v3 5.3

EPSS 0.0018

EPSS Percentile 39.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

1902756969/reggie 1.0

Published Jan 13, 2025

Tracked Since Feb 18, 2026