Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by viglet
CVE-2025-8344 (GCVE-0-2025-8344)
Vulnerability from nvd – Published: 2025-07-31 01:32 – Updated: 2025-07-31 14:33
VLAI
Title
openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload
Summary
A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318294 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.318294 | signaturepermissions-required |
| https://vuldb.com/?submit.617680 | third-party-advisory |
| https://github.com/openviglet/shio/issues/1029 | issue-tracking |
| https://github.com/openviglet/shio/issues/1029#is… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openviglet | shio |
Affected:
0.3.0
Affected: 0.3.1 Affected: 0.3.2 Affected: 0.3.3 Affected: 0.3.4 Affected: 0.3.5 Affected: 0.3.6 Affected: 0.3.7 Affected: 0.3.8 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8344",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:42:07.728222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T14:33:44.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openviglet/shio/issues/1029"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shio",
"vendor": "openviglet",
"versions": [
{
"status": "affected",
"version": "0.3.0"
},
{
"status": "affected",
"version": "0.3.1"
},
{
"status": "affected",
"version": "0.3.2"
},
{
"status": "affected",
"version": "0.3.3"
},
{
"status": "affected",
"version": "0.3.4"
},
{
"status": "affected",
"version": "0.3.5"
},
{
"status": "affected",
"version": "0.3.6"
},
{
"status": "affected",
"version": "0.3.7"
},
{
"status": "affected",
"version": "0.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1098024193 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in openviglet shio bis 0.3.8 entdeckt. Betroffen hiervon ist die Funktion shStaticFileUpload der Datei shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. Durch das Beeinflussen des Arguments filename mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T01:32:05.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318294 | openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318294"
},
{
"name": "VDB-318294 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318294"
},
{
"name": "Submit #617680 | Viglet shio v0.3.8 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.617680"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1029"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1029#issue-3239422554"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-30T11:53:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8344",
"datePublished": "2025-07-31T01:32:05.152Z",
"dateReserved": "2025-07-30T09:47:56.586Z",
"dateUpdated": "2025-07-31T14:33:44.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8343 (GCVE-0-2025-8343)
Vulnerability from nvd – Published: 2025-07-31 01:02 – Updated: 2025-07-31 14:33
VLAI
Title
openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal
Summary
A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318293 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.318293 | signaturepermissions-required |
| https://vuldb.com/?submit.617679 | third-party-advisory |
| https://github.com/openviglet/shio/issues/1028 | issue-tracking |
| https://github.com/openviglet/shio/issues/1028#is… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openviglet | shio |
Affected:
0.3.0
Affected: 0.3.1 Affected: 0.3.2 Affected: 0.3.3 Affected: 0.3.4 Affected: 0.3.5 Affected: 0.3.6 Affected: 0.3.7 Affected: 0.3.8 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8343",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:42:11.040294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T14:33:50.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openviglet/shio/issues/1028"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shio",
"vendor": "openviglet",
"versions": [
{
"status": "affected",
"version": "0.3.0"
},
{
"status": "affected",
"version": "0.3.1"
},
{
"status": "affected",
"version": "0.3.2"
},
{
"status": "affected",
"version": "0.3.3"
},
{
"status": "affected",
"version": "0.3.4"
},
{
"status": "affected",
"version": "0.3.5"
},
{
"status": "affected",
"version": "0.3.6"
},
{
"status": "affected",
"version": "0.3.7"
},
{
"status": "affected",
"version": "0.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1098024193 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in openviglet shio bis 0.3.8 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion shStaticFilePreUpload der Datei shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. Durch Manipulieren des Arguments fileName mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T01:02:06.447Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318293 | openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318293"
},
{
"name": "VDB-318293 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318293"
},
{
"name": "Submit #617679 | Viglet shio v0.3.8 Absolute Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.617679"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1028"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1028#issue-3239418750"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-30T11:53:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8343",
"datePublished": "2025-07-31T01:02:06.447Z",
"dateReserved": "2025-07-30T09:47:44.201Z",
"dateUpdated": "2025-07-31T14:33:50.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8344 (GCVE-0-2025-8344)
Vulnerability from cvelistv5 – Published: 2025-07-31 01:32 – Updated: 2025-07-31 14:33
VLAI
Title
openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload
Summary
A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318294 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.318294 | signaturepermissions-required |
| https://vuldb.com/?submit.617680 | third-party-advisory |
| https://github.com/openviglet/shio/issues/1029 | issue-tracking |
| https://github.com/openviglet/shio/issues/1029#is… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openviglet | shio |
Affected:
0.3.0
Affected: 0.3.1 Affected: 0.3.2 Affected: 0.3.3 Affected: 0.3.4 Affected: 0.3.5 Affected: 0.3.6 Affected: 0.3.7 Affected: 0.3.8 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8344",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:42:07.728222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T14:33:44.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openviglet/shio/issues/1029"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shio",
"vendor": "openviglet",
"versions": [
{
"status": "affected",
"version": "0.3.0"
},
{
"status": "affected",
"version": "0.3.1"
},
{
"status": "affected",
"version": "0.3.2"
},
{
"status": "affected",
"version": "0.3.3"
},
{
"status": "affected",
"version": "0.3.4"
},
{
"status": "affected",
"version": "0.3.5"
},
{
"status": "affected",
"version": "0.3.6"
},
{
"status": "affected",
"version": "0.3.7"
},
{
"status": "affected",
"version": "0.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1098024193 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in openviglet shio up to 0.3.8. Affected is the function shStaticFileUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in openviglet shio bis 0.3.8 entdeckt. Betroffen hiervon ist die Funktion shStaticFileUpload der Datei shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. Durch das Beeinflussen des Arguments filename mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T01:32:05.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318294 | openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318294"
},
{
"name": "VDB-318294 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318294"
},
{
"name": "Submit #617680 | Viglet shio v0.3.8 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.617680"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1029"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1029#issue-3239422554"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-30T11:53:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "openviglet shio ShStaticFileAPI.java shStaticFileUpload unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8344",
"datePublished": "2025-07-31T01:32:05.152Z",
"dateReserved": "2025-07-30T09:47:56.586Z",
"dateUpdated": "2025-07-31T14:33:44.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8343 (GCVE-0-2025-8343)
Vulnerability from cvelistv5 – Published: 2025-07-31 01:02 – Updated: 2025-07-31 14:33
VLAI
Title
openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal
Summary
A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.318293 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.318293 | signaturepermissions-required |
| https://vuldb.com/?submit.617679 | third-party-advisory |
| https://github.com/openviglet/shio/issues/1028 | issue-tracking |
| https://github.com/openviglet/shio/issues/1028#is… | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openviglet | shio |
Affected:
0.3.0
Affected: 0.3.1 Affected: 0.3.2 Affected: 0.3.3 Affected: 0.3.4 Affected: 0.3.5 Affected: 0.3.6 Affected: 0.3.7 Affected: 0.3.8 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8343",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:42:11.040294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T14:33:50.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openviglet/shio/issues/1028"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "shio",
"vendor": "openviglet",
"versions": [
{
"status": "affected",
"version": "0.3.0"
},
{
"status": "affected",
"version": "0.3.1"
},
{
"status": "affected",
"version": "0.3.2"
},
{
"status": "affected",
"version": "0.3.3"
},
{
"status": "affected",
"version": "0.3.4"
},
{
"status": "affected",
"version": "0.3.5"
},
{
"status": "affected",
"version": "0.3.6"
},
{
"status": "affected",
"version": "0.3.7"
},
{
"status": "affected",
"version": "0.3.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "1098024193 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in openviglet shio bis 0.3.8 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion shStaticFilePreUpload der Datei shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. Durch Manipulieren des Arguments fileName mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T01:02:06.447Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-318293 | openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.318293"
},
{
"name": "VDB-318293 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.318293"
},
{
"name": "Submit #617679 | Viglet shio v0.3.8 Absolute Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.617679"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1028"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/openviglet/shio/issues/1028#issue-3239418750"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-30T11:53:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "openviglet shio ShStaticFileAPI.java shStaticFilePreUpload path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8343",
"datePublished": "2025-07-31T01:02:06.447Z",
"dateReserved": "2025-07-30T09:47:44.201Z",
"dateUpdated": "2025-07-31T14:33:50.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}