CVE-2025-13810

MEDIUM

jsnjfz WebStack-Guns 1.0 - Path Traversal in KaptchaController renderPicture Function

Title source: llm
STIX 2.1

Description

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.333820
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.333820
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.692080

Scores

CVSS v3 5.3
EPSS 0.0087
EPSS Percentile 54.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
jsnjfz/webstack-guns 1.0
Published Dec 01, 2025
Tracked Since Feb 18, 2026