CVE-2025-59118

CWE-434 — Unrestricted File Upload4 documents4 sources

Severity

7.3HIGH

EPSS

0.2%

top 62.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Ofbiz Apache Ofbiz

Timeline

PublishedNov 12

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDapache/ofbiz< 24.09.03

▶CVEListV5apache_software_foundation/apache_ofbiz< 24.09.03

🔴Vulnerability Details

CVEList

Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload↗2025-11-12

▶

GHSA

GHSA-7fmc-f7mg-gr67: Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz↗2025-11-12

▶

📋Vendor Advisories

Apache

Apache ofbiz: CVE-2025-59118↗

▶