How severe is CVE-2025-5131?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2025-5131?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-5131

MEDIUM Year: 2025

CVSS v3 Score

4.7

Medium

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability was found in Tmall Demo up to 20250505. It has been declared as critical. This vulnerability affects the function uploadCategoryImage of the file tmall/admin/uploadCategoryImage. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2015-2687

MEDIUM

CVSS:4.7(Medium)

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

CWE-2842015

CVE-2016-4963

MEDIUM

CVSS:4.7(Medium)

The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the ...

CWE-2842016

CVE-2016-6723

MEDIUM

CVSS:4.7(Medium)

A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attac...

CWE-2842016

CVE-2018-0119

MEDIUM

CVSS:4.7(Medium)

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that...

CWE-2842018

CVE-2020-3231

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before ...

CWE-2842020

CVE-2020-3418

MEDIUM

CVSS:4.7(Medium)

A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being p...

CWE-2842020

CVE-2025-5131

Vulnerability Description

Related Vulnerabilities

CVE-2015-2687

CVE-2016-4963

CVE-2016-6723

CVE-2018-0119

CVE-2020-3231

CVE-2020-3418