CVE-2025-61188
MEDIUMjeecg_boot < 3.8.2 - Path Traversal via File Upload
Title source: llmDescription
Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Vendor Advisory
https://github.com/jeecgboot/JeecgBoot/issues/8826
Scores
CVSS v3
6.3
EPSS
0.0024
EPSS Percentile
14.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-24
Status
published
Products (1)
jeecg/jeecg_boot
< 3.8.2
Published
Oct 01, 2025
Tracked Since
Feb 18, 2026