CVE-2025-66908 | Turms AI-Serving module up to 0.10.0-SNAPSHOT OcrController.java unrestricted upload

December 19, 2025 Yanac

A vulnerability labeled as critical has been found in Turms AI-Serving module up to 0.10.0-SNAPSHOT. Impacted is an unknown function of the file turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java. Executing manipulation can lead to unrestricted upload.

This vulnerability is handled as CVE-2025-66908. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More