CVE-2025-15448 – cld378632668 JavaMall MinioController.java upload unrestricted upload

CVE ID : CVE-2025-15448

Published : Jan. 5, 2026, 1:15 a.m. | 1 hour, 10 minutes ago

Description : A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-15448 – cld378632668 JavaMall MinioController.java upload unrestricted upload

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2025-66648 – `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-68456 – Unauthenticated Craft CMS users can trigger a database backup

CVE-2025-69223 – AIOHTTP’s HTTP Parser auto_decompress feature is vulnerable to zip bomb

CVE-2025-68455 – Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

CVE-2025-68454 – Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI