
Unrestricted File Upload = Full Server Compromise 💥

| Field | Detail |
|---|---|
| CVE ID | CVE-2025-59118 🔖 |
| Title | Unrestricted Upload of File with Dangerous Type 📂⚠️ |
| Severity | Critical 🔥 (CVSS ~9.0+ expected) |
| CWE | CWE-434 🛡️ |
| Affected | Apache OFBiz < 24.09.03 ❌ |
| Fixed In | 24.09.03+ ✅ |
| Published | Nov 12, 2025 📅 |
| Attack Type | Remote Code Execution (RCE) 💻💣 |
| Auth Required? | Yes (low-privilege user) 🔑 |
| Risk | Level |
|---|---|
| Server Takeover | 🌕🌕🌕🌕🌕 |
| Data Theft | 💳📊 |
| Ransomware | 🔒💰 |
| Lateral Movement | 🌐➡️🏢 |
ERP systems = high-value targets 🏦
| Search Engine | Exposed Hosts | Query |
|---|---|---|
| ZoomEye | 844 | app="Apache OFBiz" |
| Hunter | 1,200+ | product.name="OFBiz" |
| FOFA | 1,600+ | app="Apache_OFBiz" |
Patch now. Scan now. Sleep later. 😴
| Account | Post | Date |
|---|---|---|
| @zoomeye_team | "🚨 CVE-2025-59118 + XSS → 844 exposed OFBiz hosts!" | Nov 13 |
| @HunterMapping | "1.2K+ live targets. Patch or perish." | Nov 13 |
| @fofabot | "1.6K results on FOFA. RCE via upload." | Nov 12 |
| @CVEnew | "Official: Upgrade to 24.09.03" | Nov 12 |
"If you're running OFBiz < 24.09.03, you're one upload away from a breach."
Act now. Patch fast. Stay safe. 🔐✨
Original work statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
If it infringes your rights, please contact cloudcommunity@tencent.com for removal.