Home > Vulnerability Database > CVE-2025-4178

Mend.io Vulnerability Database

CVE-2025-4178

Date: May 1, 2025

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Severity Score

5.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-4178

Url: https://vuldb.com/?submit.561794

Url: https://vuldb.com/?id.306797

Url: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250418-02.md

Url: https://vuldb.com/?ctiid.306797

Url: https://www.mend.io/vulnerability-database/CVE-2025-4178

Severity Score

5.4

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2025-4178

Date: May 1, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?