CVE-2025-3830: kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload
Description
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In kuangstudy KuangSimpleBBS 1.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion fileUpload der Datei src/main/java/com/kuang/controller/QuestionController.java. Durch die Manipulation des Arguments editormd-image-file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-3830
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products
Vendor: kuangstudy
Product: KuangSimpleBBS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.2% (scored less or equal to compared to others)
EPSS Date: 2025-05-08 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-3830https://vuldb.com/?id.305737
https://vuldb.com/?ctiid.305737
https://vuldb.com/?submit.556133
https://github.com/caigo8/CVE-md/blob/main/KuangSimpeBBS/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md