CVE-2025-8344

6.3 MEDIUM

📋 TL;DR

This vulnerability (CVSS 6.3, Medium) in openviglet shio allows remote attackers to upload arbitrary files without restrictions via the shStaticFileUpload function in ShStaticFileAPI.java. Because neither the file type nor the file name is validated, an attacker can potentially upload a web shell or other malicious file and go on to execute code or otherwise compromise the server. All deployments running shio versions up to 0.3.8 are affected.

💻 Affected Systems

Products:
  • openviglet shio
Versions: up to 0.3.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the static file upload functionality in the shio application

📦 What is this software?

openviglet shio (Viglet Shio CMS) is an open-source Java content management system. The vulnerable code is the static file upload handler, shStaticFileUpload in ShStaticFileAPI.java, which is exposed over HTTP at /api/staticfile/upload.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment
🟠 Likely Case: File system manipulation, web shell upload for persistent access, or denial of service
🟢 If Mitigated: Uploads limited to allow-listed file types, written to a controlled directory with proper permissions and no script execution

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed in the project's GitHub issue tracker (see the issue linked below), making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.3.9 or later

Vendor Advisory (GitHub issue): https://github.com/openviglet/shio/issues/1029

Restart Required: Yes

Instructions:

1. Check the current shio version.
2. Update to version 0.3.9 or later.
3. Restart the shio application.
4. Verify the fix is applied (see "How to Verify" below).

🔧 Temporary Workarounds

Disable the static file upload endpoint (all platforms)

Temporarily disable the vulnerable shStaticFileUpload API endpoint. If the shio configuration offers no switch for it, block POST requests to /api/staticfile/upload at the reverse proxy or load balancer in front of the application, and confirm with a test request that the path returns 403/404 rather than 200.

Implement file upload validation (all platforms)

Add server-side validation for file extensions (allow-list, not deny-list), MIME types, and actual file content, and have the server choose the stored file name rather than trusting the client-supplied one. In shio this means changing ShStaticFileAPI.java before the upload is processed and rebuilding the application, so it is a code change, not a configuration change.
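The following is an added illustration of the two patterns the workaround contrasts: the unrestricted "join the client's file name onto the upload directory" pattern this advisory is about, and a hardened validator that allow-lists extensions, checks the content's magic bytes, and assigns a server-chosen name. It is example code written for this page, not shio's code, and it is in Python rather than Java to keep it self-contained; the allow-list, size limit and sample bytes are assumptions.

```python
import posixpath
import secrets
from typing import Mapping, Tuple

# Hypothetical allow-list for a static-file endpoint: each permitted extension maps to
# the magic bytes its content must begin with. Extend it for the formats you actually serve.
ALLOWED_SIGNATURES: Mapping[str, Tuple[bytes, ...]] = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message says which check failed."""


def unsafe_destination(upload_dir: str, client_filename: str) -> str:
    """The unrestricted pattern this advisory warns about (illustrative, not shio's code):
    the client-supplied name is joined onto the upload directory as-is, so '..' segments
    walk out of it and any extension is accepted."""
    return posixpath.normpath(posixpath.join(upload_dir, client_filename))


def validate_upload(client_filename: str, content: bytes, max_bytes: int = 5 * 1024 * 1024) -> str:
    """Hardened form: return a server-chosen file name to store `content` under, or raise."""
    if not content or len(content) > max_bytes:
        raise UploadRejected("empty or oversized upload")
    if "\x00" in client_filename:
        # Embedded NULs have been used to truncate names in lower-level layers.
        raise UploadRejected("null byte in filename")
    # Discard any directory component the client sent (../, C:\, etc.).
    base = posixpath.basename(client_filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:
        raise UploadRejected("filename needs a stem and an extension")
    ext = ext.lower()
    if ext not in ALLOWED_SIGNATURES:
        raise UploadRejected(f"extension .{ext} is not allowed")
    # A double extension such as shell.jsp.png passes the allow-list above; the content
    # check is what stops it, so never rely on the extension alone.
    if not content.startswith(ALLOWED_SIGNATURES[ext]):
        raise UploadRejected(f"content does not look like a .{ext} file")
    # The server, not the client, picks the stored name.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_filename: str, content: bytes) -> bool:
    """True if validate_upload would store the file, False if it rejects it."""
    try:
        validate_upload(client_filename, content)
    except UploadRejected:
        return False
    return True


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed: valid PNG signature, dummy body
    print(unsafe_destination("/srv/shio/static", "../../webapps/ROOT/cmd.jsp"))
    print(validate_upload("../../webapps/ROOT/logo.png", png))
    print(is_accepted("cmd.jsp", b"<% Runtime.getRuntime().exec(request.getParameter(\"c\")); %>"))
```

The magic-byte check is deliberately in addition to the extension check, because an attacker who controls the name can always pick an allowed extension; and the random server-side name means a traversal sequence in the client's name never reaches the file system. On a Java deployment the same checks belong in the upload handler before any write occurs.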

🧯 If You Can't Patch

  • Implement strict network access controls so that only trusted clients can reach the upload endpoint
  • Deploy a web application firewall with file upload protection rules (block script extensions such as .jsp/.jspx and path traversal sequences in file names)
  • Serve the directory the endpoint writes to as static content only, with no server-side script execution

🔍 How to Verify

Check if Vulnerable:

Check whether the shio version is 0.3.8 or earlier and whether the static file upload endpoint (/api/staticfile/upload) is reachable, in particular from untrusted networks.

Check Version:

Check application properties or build files for version information

Verify Fix Applied:

Verify the shio version is 0.3.9 or later, then confirm that an upload with a disallowed extension (for example .jsp) and a traversal sequence in the file name is rejected by the endpoint instead of being written to disk.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with suspicious extensions (.jsp, .php, .exe)
  • Multiple failed upload attempts
  • Uploads to unexpected directories

Network Indicators:

  • HTTP POST requests to /api/staticfile/upload with unusual file types
  • Increased upload traffic

SIEM Query:

source="shio" AND method="POST" AND url="/api/staticfile/upload" AND file_extension IN ("jsp", "jspx", "php", "exe", "sh")

Both the method and the URL must be ANDed; ORing them would match every POST request to the application. The file_extension field is assumed to be derived from the uploaded file name in the application log and should be compared case-insensitively where the SIEM supports it.
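As an added example of the detection logic described above, not taken from the page's SIEM or from shio, the script below runs the two indicators (web-shell-style extensions on the upload endpoint, and bursts of failed upload attempts) over constructed JSON log lines. The log field names (src_ip, method, url, filename, status) and the threshold are assumptions; adapt them to the real log schema.

```python
import json
from collections import Counter
from typing import Dict, Iterable, List, Tuple

UPLOAD_PATH = "/api/staticfile/upload"
# Extensions with no legitimate business on a static-file endpoint; .jsp/.jspx matter most
# because shio is a Java web application.
SUSPICIOUS_EXT = {"jsp", "jspx", "php", "exe", "sh", "war"}
FAILED_ATTEMPT_THRESHOLD = 5

# Constructed sample lines in a hypothetical JSON application-log format. The field names
# are assumptions, not shio's real log schema.
SAMPLE_LOG = """\
{"ts":"2025-07-30T10:00:01Z","src_ip":"10.0.0.5","method":"POST","url":"/api/staticfile/upload","filename":"banner.png","status":200}
{"ts":"2025-07-30T10:00:02Z","src_ip":"203.0.113.7","method":"POST","url":"/api/staticfile/upload","filename":"cmd.jsp","status":200}
{"ts":"2025-07-30T10:00:03Z","src_ip":"203.0.113.7","method":"POST","url":"/api/staticfile/upload","filename":"x.PHP","status":200}
{"ts":"2025-07-30T10:00:04Z","src_ip":"203.0.113.7","method":"GET","url":"/api/staticfile/upload","filename":"","status":405}
{"ts":"2025-07-30T10:00:05Z","src_ip":"198.51.100.9","method":"POST","url":"/api/staticfile/upload","filename":"a.png","status":400}
{"ts":"2025-07-30T10:00:06Z","src_ip":"198.51.100.9","method":"POST","url":"/api/staticfile/upload","filename":"b.png","status":400}
{"ts":"2025-07-30T10:00:07Z","src_ip":"198.51.100.9","method":"POST","url":"/api/staticfile/upload","filename":"c.png","status":400}
{"ts":"2025-07-30T10:00:08Z","src_ip":"198.51.100.9","method":"POST","url":"/api/staticfile/upload","filename":"d.png","status":403}
{"ts":"2025-07-30T10:00:09Z","src_ip":"198.51.100.9","method":"POST","url":"/api/staticfile/upload","filename":"e.png","status":403}
{"ts":"2025-07-30T10:00:10Z","src_ip":"10.0.0.5","method":"POST","url":"/api/search","filename":"notes.sh","status":200}
"""


def parse_lines(lines: Iterable[str]) -> List[dict]:
    """Parse JSON log lines, skipping blanks and malformed entries rather than aborting."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def extension_of(filename: str) -> str:
    """Lower-cased final extension, or '' when there is none."""
    _, dot, ext = filename.rpartition(".")
    return ext.lower() if dot else ""


def is_upload_post(ev: dict) -> bool:
    # Both conditions must hold: a rule that ORs them fires on every POST to the site.
    return ev.get("method") == "POST" and ev.get("url") == UPLOAD_PATH


def suspicious_uploads(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """(src_ip, filename) for every upload POST carrying a web-shell-style extension."""
    return [
        (ev.get("src_ip", "?"), ev.get("filename", ""))
        for ev in parse_lines(lines)
        if is_upload_post(ev) and extension_of(ev.get("filename", "")) in SUSPICIOUS_EXT
    ]


def failed_upload_bursts(lines: Iterable[str], threshold: int = FAILED_ATTEMPT_THRESHOLD) -> Dict[str, int]:
    """Source IPs with at least `threshold` failed (HTTP 4xx/5xx) upload POSTs."""
    failures = Counter(
        ev.get("src_ip", "?")
        for ev in parse_lines(lines)
        if is_upload_post(ev) and int(ev.get("status", 0)) >= 400
    )
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for ip, name in suspicious_uploads(SAMPLE_LOG.splitlines()):
        print(f"ALERT suspicious upload from {ip}: {name}")
    for ip, n in failed_upload_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {n} failed upload attempts from {ip}")
```

On the constructed sample this flags the two script uploads from 203.0.113.7 and the five rejected attempts from 198.51.100.9, while ignoring the notes.sh POST to a different path, which is exactly the case an OR between method and URL would have raised as a false positive. A burst of 4xx responses on the endpoint is worth alerting on even after patching, since it is what probing for the old behaviour looks like.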
