CVE-2025-66908 (CNNVD-202512-3728)
Chinese title:
turms security vulnerability
English title:
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulne...
Vulnerability description
Chinese description:
turms is an open-source instant messaging engine by turms-im. The turms AI-Serving module v0.10.0-SNAPSHOT and earlier contain a security vulnerability caused by improper file type validation in the OCR image upload functionality, which may lead to server-side code execution.
English description:
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormData(contentType = MediaTypeConst.IMAGE) annotation to restrict uploads to image files, but this constraint is not properly enforced. The system relies solely on client-provided Content-Type headers and file extensions without validating actual file content using magic bytes (file signatures). An attacker can upload arbitrary file types including executables, scripts, HTML, or web shells by setting the Content-Type header to "image/*" or using an image file extension. This bypass enables potential server-side code execution, stored XSS, or information disclosure depending on how uploaded files are processed and served.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| turms-im | turms | 0.10.0-snapshot | - | - | cpe:2.3:a:turms-im:turms:0.10.0-snapshot:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
CVSS score details
3.1 (ADP)
MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
This vector (base score 5.3) credits only a low confidentiality impact; it does not reflect the server-side code execution or stored XSS outcomes named in the description, which would score higher if confirmed for a given deployment.
Timeline
Exploitation information
Data source details
| Source | Record ID | Record version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2025-66908 | 2025-12-21 02:11:30 | 2026-01-12 02:12:26 |
| NVD | nvd_CVE-2025-66908 | 2026-01-03 03:00:09 | 2026-01-12 02:28:05 |
| CNNVD | cnnvd_CNNVD-202512-3728 | 2026-01-11 06:15:04 | 2026-01-12 02:38:04 |
Version and language
Security advisories
Change history
- vulnerability_type: not extracted -> Other
- cnnvd_id: not extracted -> CNNVD-202512-3728
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']