VYPR
Moderate severityNVD Advisory· Published Apr 22, 2025· Updated May 27, 2025

io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

CVE-2025-32952

Description

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.jmix.localfs:jmix-localfsMaven
>= 1.0.0, < 1.6.21.6.2
io.jmix.localfs:jmix-localfsMaven
>= 2.0.0, < 2.4.02.4.0

Affected products

2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.