CVE-2025-6466 | ageerle ruoyi-ai 2.0.0 SseServiceImpl.java speechToTextTranscriptionsV2/upload File unrestricted upload

A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is handled as CVE-2025-6466. The attack may be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More