CVE-2025-4533

LOW

Jeecg Boot < 3.8.0 - Denial of Service

Title source: rule

Description

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References (6)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.308278

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.308278

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.566192

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/jeecgboot/JeecgBoot/issues/8199

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/jeecgboot/JeecgBoot/issues/8199#issuecomment-2834691016

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/jeecgboot/JeecgBoot/issues/8199#issue-3022937633

Scores

CVSS v3 2.7

EPSS 0.0067

EPSS Percentile 71.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-400 CWE-404

Status published

Products (1)

jeecg/jeecg_boot < 3.8.0

Published May 11, 2025

Tracked Since Feb 18, 2026