oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload

From: Jacques Le Roux <jleroux () apache org>
Date: Tue, 11 Nov 2025 10:13:44 +0000
Severity: important 

Affected versions:

- Apache OFBiz before 24.09.03

Description:

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.03.

Users are recommended to upgrade to version 24.09.03, which fixes the issue.

Credit:

RedHive Team (security () hive red) https://hive.red/en/ (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-24.09.03.html
https://issues.apache.org/jira/browse/OFBIZ-13292
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-59118
Previous By Date Next
Previous By Thread Next

Current thread: