🚨 CVE-2025-59118: Critical Apache OFBiz RCE 🚨
Unrestricted File Upload = Full Server Compromise 💥
| Field | Value |
|---|---|
| CVE ID | CVE-2025-59118 🔖 |
| Title | Unrestricted Upload of File with Dangerous Type 📂⚠️ |
| Severity | Critical 🔥 (CVSS ~9.0+ expected) |
| CWE | CWE-434 🛡️ |
| Affected | Apache OFBiz < 24.09.03 ❌ |
| Fixed In | 24.09.03+ ✅ |
| Published | Nov 12, 2025 📅 |
| Attack Type | Remote Code Execution (RCE) 💻💣 |
| Auth Required? | Yes (low-privilege user) 🔑 |
⚡ Impact
| Risk | Level |
|---|---|
| Server Takeover | 🌕🌕🌕🌕🌕 |
| Data Theft | 💳📊 |
| Ransomware | 🔒💰 |
| Lateral Movement | 🌐➡️🏢 |
ERP systems = high-value targets 🏦
🔗 Official References
| Search Engine | Results | Query |
|---|---|---|
| ZoomEye | 844 | app="Apache OFBiz" |
| Hunter | 1,200+ | product.name="OFBiz" |
| FOFA | 1,600+ | app="Apache_OFBiz" |
Patch now. Scan now. Sleep later. 😴
| Account | Post | Date |
|---|---|---|
| @zoomeye_team | "🚨 CVE-2025-59118 + XSS → 844 exposed OFBiz hosts!" | Nov 13 |
| @HunterMapping | "1.2K+ live targets. Patch or perish." | Nov 13 |
| @fofabot | "1.6K results on FOFA. RCE via upload." | Nov 12 |
| @CVEnew | "Official: Upgrade to 24.09.03" | Nov 12 |
✅ Final Verdict
"If you're running OFBiz < 24.09.03, you're one upload away from a breach."
Act now. Patch fast. Stay safe. 🔐✨