CVE-2025-15449 – cld378632668 JavaMall MinioController.java delete path traversal

CVE ID : CVE-2025-15449

Published : Jan. 5, 2026, 1:15 a.m. | 1 hour, 10 minutes ago

Description : A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-15449 – cld378632668 JavaMall MinioController.java delete path traversal

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2025-66648 – `vega-functions` vulnerable to Cross-site Scripting via `setdata` function

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-68456 – Unauthenticated Craft CMS users can trigger a database backup

CVE-2025-69223 – AIOHTTP’s HTTP Parser auto_decompress feature is vulnerable to zip bomb

CVE-2025-68455 – Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior

CVE-2025-68454 – Craft CMS vulnerable to potential authenticated Remote Code Execution via Twig SSTI