CVE-2025-66908 affects the Turms AI-Serving module version 0.10.0-SNAPSHOT and earlier, specifically its OCR image upload functionality. The vulnerability arises because the OcrController component uses the @FormData(contentType = MediaTypeConst.IMAGE) annotation to restrict uploads to image files but does not enforce this restriction properly. Instead, it relies on client-provided Content-Type headers and file extensions to validate uploads. This approach is insecure because attackers can manipulate these headers or use image file extensions to upload arbitrary file types, including executables, scripts, HTML files, or web shells. The lack of server-side validation using magic bytes (file signature checks) means the system cannot reliably distinguish genuine image files from malicious payloads. Exploiting this vulnerability could allow attackers to execute server-side code if the uploaded files are processed or executed, perform stored XSS attacks if malicious HTML or scripts are served to users, or disclose sensitive information depending on how files are handled. The vulnerability is classified under CWE-434, which concerns unrestricted file uploads of dangerous types. The CVSS v3.1 base score is 5.3, indicating a medium severity with network attack vector, low attack complexity, no privileges or user interaction required, and limited confidentiality impact. No patches or known exploits are currently reported. The vulnerability highlights a common security oversight in file upload handling where content validation is insufficient, posing risks to application integrity and confidentiality.

For European organizations using the Turms AI-Serving module, this vulnerability poses a moderate risk. If exploited, attackers could upload malicious files leading to server-side code execution, which may compromise the affected system's integrity and availability. Stored XSS attacks could impact users interacting with the system, potentially leading to session hijacking or phishing. Information disclosure risks arise if sensitive data is exposed through improperly handled uploaded files. The impact is particularly significant for organizations relying on OCR services for document processing, automated workflows, or AI-driven data extraction, as compromise could disrupt critical business operations or leak confidential information. Given the network attack vector and no requirement for authentication or user interaction, attackers can exploit this vulnerability remotely and anonymously, increasing the threat surface. However, the absence of known exploits and the medium CVSS score suggest the threat is moderate but should not be underestimated. Organizations in sectors such as finance, healthcare, legal, and government, which often process sensitive documents with OCR, face higher risks. The vulnerability could also be leveraged as a foothold for further lateral movement or data exfiltration within corporate networks.

To mitigate CVE-2025-66908, European organizations should implement strict server-side validation of uploaded files beyond relying on Content-Type headers and file extensions. Specifically, validate the actual file content using magic bytes or file signature verification libraries to ensure only legitimate image files are accepted. Employ allowlists for acceptable MIME types and file extensions combined with content inspection. Implement sandboxing or isolation mechanisms for processing uploaded files to limit potential damage from malicious payloads. Regularly update the Turms AI-Serving module to the latest versions once patches are released. Monitor file upload logs for suspicious activity such as unexpected file types or repeated upload attempts. Employ web application firewalls (WAFs) with rules to detect and block malicious file uploads. Conduct security testing including fuzzing and penetration testing focused on file upload functionalities. Educate developers on secure file handling practices and the risks of trusting client-supplied metadata. Finally, restrict permissions on directories handling uploads to prevent execution of uploaded files and enforce least privilege principles on the server environment.