CVE-2025-12626
MEDIUMjeecgboot jeewx-boot <641ab52c3e1845fec39996d7794c33fb40dad1dd - Pa...
Title source: llmDescription
A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The root cause was initially fixed but can be evaded with additional encoding.
References (5)
Core 5
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.330916
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.330916
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.678926
Issue Tracking issue-tracking
https://github.com/jeecgboot/jeewx-boot/issues/17
Issue Tracking exploit
issue-tracking
https://github.com/jeecgboot/jeewx-boot/issues/47
Scores
CVSS v3
4.3
EPSS
0.0030
EPSS Percentile
21.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
jeecgboot/jeewx-boot
641ab52c3e1845fec39996d7794c33fb40dad1dd
Published
Nov 03, 2025
Tracked Since
Feb 18, 2026