CVE-2025-34508
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-11-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34508 is a path traversal vulnerability in ZendTo versions 6.15-7 and earlier, specifically in the file dropoff functionality. It occurs because the backend improperly handles certain parameters during file upload, allowing an authenticated attacker to manipulate file paths. By exploiting this, the attacker can access or move files outside the intended directories, including other users' files or sensitive system files, potentially leading to unauthorized data access or denial of service. [1]
How can this vulnerability impact me? :
This vulnerability can allow a remote, authenticated attacker to retrieve files belonging to other ZendTo users or files on the host system. It can also enable attackers to move or download sensitive files such as logs or internal databases, which may facilitate further unauthorized access or cause denial of service by disrupting critical files or services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying if your ZendTo installation is a vulnerable version (6.15-7 or earlier) and checking for suspicious file paths or unauthorized file access in the dropoff directory. Since exploitation involves manipulating the 'chunkName' and 'tmp_name' parameters during file upload, monitoring web server logs for unusual requests containing path traversal sequences (e.g., '/../') in these parameters can help detect attempts. Commands to check for suspicious files or paths could include searching the dropoff directory for unexpected files or symbolic links. For example, on the server, you could run: 1) grep -r '\.\./' /path/to/zendto/dropoff to find files or logs referencing path traversal patterns; 2) find /path/to/zendto/dropoff -type l or -exec ls -l {} \; to detect symbolic links that may have been created maliciously. Additionally, reviewing web server access logs for authenticated requests with unusual parameters may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade ZendTo to version 6.15-8 or later, where this vulnerability has been patched. Until the upgrade can be applied, restrict access to the ZendTo application to trusted users only, as exploitation requires authentication. Additionally, monitor and audit file uploads and dropoff directories for suspicious activity. Applying strict input validation or web application firewall (WAF) rules to block path traversal sequences in upload parameters can also help reduce risk temporarily. [1]