CVE-2025-11320
📋 TL;DR
This vulnerability allows remote attackers to upload arbitrary files without restrictions in the wisdom-education application. Attackers can exploit the uploadFile function in UploadController.java to upload malicious files. All systems running wisdom-education versions up to 1.0.4 are affected.
💻 Affected Systems
- zhuimengshaonian wisdom-education
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
Likely Case
Malicious file upload enabling web shell installation, data exfiltration, or lateral movement.
If Mitigated
Limited impact with proper file validation and access controls in place.
🎯 Exploit Status
Public exploit documentation available; attack requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: Yes
Instructions:
1. Monitor vendor for official patch.
2. Apply patch when available.
3. Restart application services.
🔧 Temporary Workarounds
Implement File Upload Validation
Add server-side validation for file types, extensions, and content.
Modify UploadController.java to validate file extensions and MIME types.
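The check described in this workaround, as an added example written for this page (it is not code from the wisdom-education project, and the class, method and record names are assumptions). It accepts only an allowlist of extensions, decides on the file's leading bytes rather than the client-supplied Content-Type, and never reuses the client's filename on disk:

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

// Hypothetical server-side upload validator (added example, not project code).
public final class UploadValidator {

    // Allowlist of extensions the application actually needs. Everything else is rejected,
    // so a denylist gap (.jspx, .phtml, .htaccess, ...) has nothing to slip through.
    private static final Set<String> ALLOWED = Set.of("png", "jpg", "jpeg", "gif", "pdf");

    // Leading bytes (magic numbers) a file with each allowed extension must start with.
    private static final Map<String, List<byte[]>> MAGIC = Map.of(
        "png",  List.of(new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A}),
        "jpg",  List.of(new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF}),
        "jpeg", List.of(new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF}),
        "gif",  List.of(ascii("GIF87a"), ascii("GIF89a")),
        "pdf",  List.of(ascii("%PDF-"))
    );

    private static final int MAX_BYTES = 5 * 1024 * 1024;   // assumed size limit

    /** Outcome of validation; storedName is the server-chosen name, or null when rejected. */
    public record Result(boolean accepted, String reason, String storedName) {}

    public static Result validate(String clientFilename, byte[] body) {
        if (clientFilename == null || body == null) return reject("missing filename or body");
        if (body.length == 0 || body.length > MAX_BYTES) return reject("size out of range");

        // The client controls the whole string: keep only the last path segment and
        // refuse NUL bytes, which can truncate the name in lower layers.
        String name = clientFilename.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.indexOf('\0') >= 0) return reject("bad filename");

        int dot = name.lastIndexOf('.');
        if (dot <= 0 || dot == name.length() - 1) return reject("no extension");
        String ext = name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) return reject("extension not allowed: ." + ext);

        // Decide on the bytes, not on the Content-Type header the client sent.
        boolean magicOk = false;
        for (byte[] sig : MAGIC.get(ext)) {
            if (startsWith(body, sig)) { magicOk = true; break; }
        }
        if (!magicOk) return reject("content does not look like ." + ext);

        // Never reuse the client name on disk: random name plus the validated extension,
        // to be written into a directory the web server does not execute from.
        return new Result(true, "ok", UUID.randomUUID() + "." + ext);
    }

    private static Result reject(String why) { return new Result(false, why, null); }

    private static boolean startsWith(byte[] data, byte[] prefix) {
        if (data.length < prefix.length) return false;
        for (int i = 0; i < prefix.length; i++) if (data[i] != prefix[i]) return false;
        return true;
    }

    private static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    // Constructed sample uploads, not captured traffic.
    public static void main(String[] args) {
        byte[] text = ascii("<%-- not an image --%>");
        byte[] png  = new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 13};

        System.out.println(validate("page.jsp", text));        // rejected: extension not allowed
        System.out.println(validate("../../page.png", text));  // rejected: bytes are not a PNG
        System.out.println(validate("photo.PNG", png));        // accepted with a random stored name
    }
}
```

The example targets Java 17 (records, Set.of). The magic-byte check is deliberately paired with the random rename: a polyglot whose bytes pass as an image is still stored under a server-chosen name with an image extension in a non-executable directory, so it cannot be reached as a script.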
Restrict Upload Directory Permissions
Set upload directory to read-only for web server and prevent execution.
chmod 644 /path/to/upload/directory/*
chown root:root /path/to/upload/directory
🧯 If You Can't Patch
- Disable file upload functionality entirely if not required
- Implement WAF rules to block suspicious upload requests
🔍 How to Verify
Check if Vulnerable:
Check application version in pom.xml or manifest; if version ≤1.0.4, vulnerable.
Check Version:
grep -i version pom.xml || find . -name '*.jar' -exec unzip -p {} META-INF/MANIFEST.MF \; | grep -i version
Verify Fix Applied:
Test file upload with restricted extensions; malicious files should be rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with non-standard extensions
- Multiple failed upload attempts
- Uploads to unexpected directories
Network Indicators:
- HTTP POST requests to upload endpoints with executable files
- Unusual traffic patterns to upload URLs
SIEM Query:
source="application.log" AND ("uploadFile" OR "UploadController") AND ("php" OR "jsp" OR "exe" OR "sh")
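The three log indicators above, run over constructed application-log lines as an added example (not code from the wisdom-education project; the log line format, the expected upload directory and the failure threshold are assumptions chosen for this page). It flags non-standard extensions, uploads outside the expected directory, and repeated failures from one client:

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical log triage for the upload endpoint (added example, not project code).
public final class UploadLogTriage {

    // Assumed application-log shape:
    //   "... uploadFile client=<ip> name=<file> dir=<path> result=<ok|rejected>"
    private static final Pattern UPLOAD = Pattern.compile(
        "uploadFile client=(\\S+) name=(\\S+) dir=(\\S+) result=(\\S+)");

    private static final Set<String> EXPECTED_EXT = Set.of("png", "jpg", "jpeg", "gif", "pdf");
    private static final Set<String> SUSPICIOUS_SEG = Set.of("php", "jsp", "exe", "sh");  // from the SIEM query above
    private static final String EXPECTED_DIR = "/var/www/uploads/";   // assumed upload root
    private static final int FAILED_THRESHOLD = 3;                    // assumed alert threshold

    /** Returns one finding per matched indicator; an empty list means nothing suspicious. */
    public static List<String> triage(List<String> lines) {
        List<String> findings = new ArrayList<>();
        Map<String, Integer> failures = new HashMap<>();
        for (String line : lines) {
            Matcher m = UPLOAD.matcher(line);
            if (!m.find()) continue;
            String client = m.group(1), name = m.group(2), dir = m.group(3), result = m.group(4);

            // Indicator 1: extension outside what the application should accept, including
            // a scripting extension hidden inside a double extension such as x.jsp.png.
            String[] segs = name.toLowerCase(Locale.ROOT).split("\\.");
            String ext = segs.length > 1 ? segs[segs.length - 1] : "";
            boolean innerSuspicious = false;
            for (int i = 1; i < segs.length - 1; i++) {
                if (SUSPICIOUS_SEG.contains(segs[i])) innerSuspicious = true;
            }
            if (!EXPECTED_EXT.contains(ext) || innerSuspicious) {
                findings.add(client + " uploaded non-standard filename: " + name);
            }
            // Indicator 2: upload landing outside the expected directory.
            if (!dir.startsWith(EXPECTED_DIR) || dir.contains("..")) {
                findings.add(client + " upload to unexpected directory: " + dir);
            }
            // Indicator 3: repeated failed attempts from one client.
            if (!result.equals("ok")) {
                int n = failures.merge(client, 1, Integer::sum);
                if (n == FAILED_THRESHOLD) {
                    findings.add(client + " reached " + n + " failed upload attempts");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample lines, not captured from a real deployment.
        List<String> sample = List.of(
            "2025-10-06 10:00:01 INFO  UploadController uploadFile client=10.0.0.5 name=report.pdf dir=/var/www/uploads/2025/ result=ok",
            "2025-10-06 10:00:07 WARN  UploadController uploadFile client=203.0.113.9 name=cmd.jsp dir=/var/www/uploads/ result=rejected",
            "2025-10-06 10:00:09 WARN  UploadController uploadFile client=203.0.113.9 name=cmd.jsp.png dir=/var/www/uploads/ result=rejected",
            "2025-10-06 10:00:12 WARN  UploadController uploadFile client=203.0.113.9 name=cmd.php dir=/var/www/uploads/../../tmp/ result=rejected",
            "2025-10-06 10:00:20 INFO  UploadController uploadFile client=10.0.0.8 name=avatar.png dir=/var/www/uploads/ result=ok"
        );
        for (String f : triage(sample)) System.out.println(f);
    }
}
```

On the sample, the 203.0.113.9 client produces three filename findings, one unexpected-directory finding and one threshold finding, while the two 10.0.0.x uploads produce none. The same three checks map directly onto the SIEM query above; the code form is useful where the log source is not in a SIEM yet or where the double-extension case needs to be caught.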
🔗 References
- https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md
- https://github.com/xkalami-Tta0/CVE/blob/main/wisdom-education/%E5%89%8D%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md#vulnerability-reproduction
- https://vuldb.com/?ctiid.327201
- https://vuldb.com/?id.327201
- https://vuldb.com/?submit.664392