CVE-2025-8343CRITICAL 9.8EPSS p51.4%

CVE-2025-8343CVE-2025-8343

Description

A vulnerability was found in openviglet shio up to 0.3.8. It has been rated as critical. This issue affects the function shStaticFilePreUpload of the file shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java. The manipulation of the argument fileName leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.79% probability of exploitation · percentile 51.4% · 2026-06-19T12:03:05Z
Published2025-07-31
Last modified2026-04-29

Underlying weaknesses· 1

CWE-22

References

  1. https://github.com/openviglet/shio/issues/1028
  2. https://github.com/openviglet/shio/issues/1028#issue-3239418750
  3. https://vuldb.com/?ctiid.318293
  4. https://vuldb.com/?id.318293
  5. https://vuldb.com/?submit.617679
  6. https://github.com/openviglet/shio/issues/1028

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-8344
CVE
CVE-2025-1890
CVE
CVE-2025-5509
CVE
CVE-2025-2363
CVE
CVE-2025-2743
CVE
CVE-2025-3381
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.