CVE-2025-59118

7.3 HIGH

📋 TL;DR

This vulnerability allows attackers to upload malicious files to Apache OFBiz servers, potentially leading to remote code execution or server compromise. It affects all Apache OFBiz installations before version 24.09.03. Organizations using vulnerable versions should prioritize patching.

💻 Affected Systems

Products:
  • Apache OFBiz
Versions: All versions before 24.09.03
Operating Systems: All platforms running Apache OFBiz
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployment configurations unless specifically hardened against file upload vulnerabilities


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network

🟠 Likely Case: Webshell deployment allowing persistent access, data exfiltration, and further exploitation

🟢 If Mitigated: Limited impact with proper file upload restrictions and web application firewalls in place

🌐 Internet-Facing: HIGH - Internet-facing OFBiz instances are directly exploitable without authentication
🏢 Internal Only: MEDIUM - Internal instances still vulnerable but require network access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on the CWE-434 (unrestricted upload of file with dangerous type) pattern, exploitation typically requires minimal technical skill once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.09.03

Vendor Advisory: https://ofbiz.apache.org/security.html

Restart Required: Yes

Instructions:

1. Back up the current OFBiz installation and data.
2. Download version 24.09.03 from https://ofbiz.apache.org/download.html.
3. Follow the upgrade instructions in the release notes.
4. Restart OFBiz services.
5. Verify functionality.

🔧 Temporary Workarounds

File Upload Restriction (applies to: all)
  Implement strict file type validation and size limits on all upload endpoints

Web Application Firewall (applies to: all)
  Deploy WAF rules to block malicious file upload patterns

🧯 If You Can't Patch

  • Isolate vulnerable systems from internet access and restrict internal network access
  • Implement strict file upload validation and store uploaded files outside web root with proper permissions
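The two workarounds above (strict type and size validation on upload endpoints, and storing uploads outside the web root with tight permissions) are shown together below as an added example. It is not code from Apache OFBiz or from this advisory; the allowlist, size cap, magic-byte table and the `/uploads` directory are constructed policy values, and the function names are the example's own.

```python
import os
import re
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional, Tuple

# Policy values constructed for this example; a real deployment tunes them to its own needs.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "csv"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024          # 5 MiB hard cap per file
SAFE_STEM = re.compile(r"[a-z0-9_-]{1,64}")  # allowed shape of the part before the extension

# Leading bytes checked against the declared extension (csv has no magic; name/size rules still apply)
MAGIC = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}


@dataclass
class UploadDecision:
    accepted: bool
    reason: str
    stored_path: Optional[str] = None


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str, Optional[str]]:
    """Return (accepted, reason, extension). Every rejection names the rule that fired."""
    if not content:
        return False, "empty file", None
    if len(content) > MAX_UPLOAD_BYTES:
        return False, "size limit exceeded", None
    # The client-supplied name must be a bare file name: no directory parts, no NUL bytes
    if "\x00" in filename or filename != os.path.basename(filename.replace("\\", "/")):
        return False, "path separators or NUL in filename", None
    parts = filename.lower().split(".")
    # Exactly one dot: names like 'report.jsp.png' (double extension) are rejected outright
    if len(parts) != 2 or not SAFE_STEM.fullmatch(parts[0]):
        return False, "filename must be <safe-name>.<ext>", None
    ext = parts[1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not in allowlist", None
    magic = MAGIC.get(ext)
    if magic is not None and not content.startswith(magic):
        return False, "content does not match declared type", None
    return True, "ok", ext


def store_upload(filename: str, content: bytes, upload_root: str) -> UploadDecision:
    """Validate, then write under a server-chosen random name, outside the web root, mode 0600."""
    ok, reason, ext = validate_upload(filename, content)
    if not ok:
        return UploadDecision(False, reason)
    os.makedirs(upload_root, mode=0o700, exist_ok=True)
    # The stored name is random and server-generated; the client's name is never used on disk
    path = os.path.join(upload_root, f"{secrets.token_hex(16)}.{ext}")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)  # O_EXCL: never overwrite
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return UploadDecision(True, reason, path)


def run_demo():
    """Store one valid file in a throwaway directory and read it back; returns (decision, bytes)."""
    root = os.path.join(tempfile.mkdtemp(), "uploads")  # stands in for a directory outside the web root
    decision = store_upload("invoice.pdf", b"%PDF-1.7 constructed sample", root)
    with open(decision.stored_path, "rb") as fh:
        return decision, fh.read()


if __name__ == "__main__":
    for name, body in [("invoice.pdf", b"%PDF-1.7 x"), ("cmd.jsp", b"<% %>"), ("photo.jsp.png", b"\x89PNG\r\n\x1a\n")]:
        print(name, validate_upload(name, body))
    print(run_demo()[0])
```

The allowlist is deliberately the only way in: unknown extensions, a second extension, a mismatch between declared type and leading bytes, and any directory component in the client's name all fail closed, and the file lands under a random name with permissions that keep the web server from serving it as code.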

🔍 How to Verify

Check if Vulnerable:

Check OFBiz version in admin interface or examine version files in installation directory

Check Version:

Check OFBIZ_HOME/framework/base/config/general.properties or admin interface

Verify Fix Applied:

Confirm version is 24.09.03 or later and test file upload functionality with restricted file types

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to OFBiz endpoints
  • Uploads of executable file types
  • Large file uploads to unexpected paths

Network Indicators:

  • HTTP POST requests to file upload endpoints with suspicious content types
  • Traffic patterns indicating webshell communication

SIEM Query:

source="ofbiz.log" AND ("upload" OR "POST") AND ("exe" OR "php" OR "jsp" OR "war")
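As an added example of the log and network indicators listed above (executable file types, double extensions, unexpected content types on upload endpoints, large uploads to unexpected paths), the script below runs those rules over a handful of constructed log lines. It is not OFBiz's real log format or code from this advisory: the line layout, the `/control/uploadFile` endpoint, the 203.0.113.x client addresses and the size threshold are all assumptions made for the demonstration.

```python
import re
from collections import Counter

# Constructed log layout for this example (not OFBiz's real log format):
# <timestamp> <client_ip> <method> <path> <content_type> <bytes> "<uploaded_filename>" <status>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<ctype>\S+) '
    r'(?P<bytes>\d+) "(?P<fname>[^"]*)" (?P<status>\d{3})$'
)

# Defender-side policy values, all constructed for illustration
UPLOAD_ENDPOINTS = {"/control/uploadFile"}             # hypothetical upload endpoint
EXPECTED_UPLOAD_CTYPES = {"multipart/form-data"}
EXEC_EXTENSIONS = {"exe", "php", "jsp", "jspx", "war"}  # the advisory's list plus jspx for servlet containers
LARGE_UPLOAD_BYTES = 10 * 1024 * 1024                   # 10 MiB

# Constructed sample lines: one benign upload followed by one line per indicator
SAMPLE_LOG = """\
2025-10-01T10:00:01Z 203.0.113.10 POST /control/uploadFile multipart/form-data 182000 "invoice.pdf" 200
2025-10-01T10:00:05Z 203.0.113.11 POST /control/uploadFile multipart/form-data 4096 "cmd.jsp" 200
2025-10-01T10:00:09Z 203.0.113.11 POST /control/uploadFile application/octet-stream 2048 "notes.txt" 200
2025-10-01T10:00:12Z 203.0.113.12 POST /control/someOtherAction multipart/form-data 52428800 "backup.zip" 200
2025-10-01T10:00:15Z 203.0.113.11 POST /control/uploadFile multipart/form-data 4096 "photo.jsp.png" 200
2025-10-01T10:00:20Z 203.0.113.13 GET /control/main - 0 "" 200
"""


def parse_line(line):
    """Return the line's fields as a dict, or None if it does not match the layout."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extensions(fname):
    """All extension components, lowercased: 'photo.jsp.png' -> ['jsp', 'png']."""
    parts = fname.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def analyze(log_text):
    """Apply the indicator rules to every POST line; returns [(line_no, rule, detail), ...]."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        exts = extensions(rec["fname"])
        size = int(rec["bytes"])
        is_upload_ep = rec["path"] in UPLOAD_ENDPOINTS
        # Rule 1: uploaded file name ends in an executable/server-side extension
        if exts and exts[-1] in EXEC_EXTENSIONS:
            alerts.append((lineno, "executable_upload", rec["fname"]))
        # Rule 2: executable extension hidden before a benign-looking final extension
        elif len(exts) > 1 and any(e in EXEC_EXTENSIONS for e in exts[:-1]):
            alerts.append((lineno, "double_extension", rec["fname"]))
        # Rule 3: POST to an upload endpoint with a content type the endpoint should never see
        if is_upload_ep and rec["ctype"] not in EXPECTED_UPLOAD_CTYPES:
            alerts.append((lineno, "unexpected_content_type", rec["ctype"]))
        # Rule 4: large body sent to a path that is not a known upload endpoint
        if size >= LARGE_UPLOAD_BYTES and not is_upload_ep:
            alerts.append((lineno, "large_upload_unexpected_path", rec["path"]))
    return alerts


def summarize(alerts):
    """Count alerts per rule, the shape a SIEM dashboard would chart."""
    return Counter(rule for _, rule, _ in alerts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
    print(dict(summarize(analyze(SAMPLE_LOG))))
```

The rules are deliberately narrower than the keyword query above: a substring match on "jsp" fires on any request mentioning a JSP page, whereas splitting the uploaded file name into its extension components flags only files that would execute if served, and the double-extension rule catches the case a final-extension check alone misses.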
