CVE-2025-4260 | zhangyanbo2007 youkefu up to 4.2.0 TemplateController.java impsave dataFile deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization.
This vulnerability is handled as CVE-2025-4260. The attack may be launched remotely. Furthermore, there is an exploit available.