QwikSec

Security Database

CVE

CWE

Training

CVE-2025-14965

Published: Dec 19, 2025

Modified: Dec 27, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Vendor	Product	Versions
1541492390c	yougou-mall	affected `0a771fa817c924efe52c8fe0a9a6658eee675f9f`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-337600 | 1541492390c yougou-mall ResourceController.java delete path traversal

vdb-entry

technical-description

VDB-337600 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #717732 | https://github.com/1541492390c/yougou-mall?tab=readme-ov-file yougou-mall 1.0 Upload any file

third-party-advisory

Submit #721081 | https://github.com/1541492390c/yougou-mall yougou-mall 1.0 Delete any file (Duplicate)

third-party-advisory

https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md

related

https://github.com/zyhzheng500-maker/cve/blob/main/yougou-mall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md

related

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.