CVE-2025-5171: llisoft MTA Maita Training System OpenController.java this.fileService.download unrestricted upload
Description
A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller\OpenController.java. The manipulation of the argument url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in llisoft MTA Maita Training System 4.5 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion this.fileService.download der Datei com\llisoft\controller\OpenController.java. Durch Manipulation des Arguments url mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2025-5171
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products
Vendor: llisoft
Product: MTA Maita Training System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.09% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5171https://vuldb.com/?id.310259
https://vuldb.com/?ctiid.310259
https://vuldb.com/?submit.579088
https://wx.mail.qq.com/s?k=o3X5wV0ZZH0nuusQdO