CVE-2025-34282 | ThingsBoard up to 4.2.0 Image Upload Gallery Feature server-side request forgery

A vulnerability, which was classified as critical, has been found in ThingsBoard up to 4.2.0. The impacted element is an unknown function of the component Image Upload Gallery Feature. The manipulation leads to server-side request forgery.

This vulnerability is listed as CVE-2025-34282. The attack may be initiated remotely. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More