CVE-2025-4538

Published: May 11, 2025Modified: Jun 16, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Keking: Kkfileview

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Keking Kkfileview	Version 4.4.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://magnificent-dill-351.notion.site/Arbitrary-File-Upload-in-kkFileView-4-4-0-1e3c693918ed802581faccab9140a130

Source: cna@vuldb.com

Broken Link

https://vuldb.com/?ctiid.308283

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.308283

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.566596

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://magnificent-dill-351.notion.site/Arbitrary-File-Upload-in-kkFileView-4-4-0-1e3c693918ed802581faccab9140a130

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Broken Link

Timeline

No history available yet.