CVE-2025-34111
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-10-03
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tiki | tikiwiki_cms/groupware | up to 15.1 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated arbitrary file upload issue in Tiki Wiki CMS Groupware version 15.1 and earlier, specifically in the ELFinder component's default connector. Because the component does not validate file types, attackers can upload malicious PHP scripts remotely by sending crafted POST requests. Once uploaded, these scripts can be executed on the web server, allowing attackers to run arbitrary code with the web server's privileges. [1, 3]
How can this vulnerability impact me?
The vulnerability allows remote attackers to upload and execute malicious PHP scripts without authentication. This can lead to remote code execution on the web server, potentially compromising the server, accessing sensitive data, modifying or deleting content, or using the server as a foothold for further attacks. Since the exploit runs with web server user privileges, it can severely impact the security and integrity of the affected system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by checking for the presence of the vulnerable ELFinder example page at /vendor_extra/elfinder/elfinder.html, which should return an HTTP 200 response if present. Additionally, detection can involve sending a multipart/form-data POST request to the ELFinder connector script at vendor_extra/elfinder/php/connector.minimal.php to test if arbitrary file uploads are possible. A practical detection command could be using curl to check the example page: curl -I http://<target>/vendor_extra/elfinder/elfinder.html and checking for HTTP 200. Further, attempting a controlled file upload via curl or a similar tool to the connector script can confirm vulnerability. [3, 1]
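The answer above names two request patterns worth watching for on an exposed Tiki instance: a GET or HEAD for the ELFinder example page, and a multipart POST to the connector script. The following is an added example of how a defender would look for those patterns in web server access logs; it is not code from BaseFortify or the Tiki project. It assumes the Apache/nginx "combined" log layout, and the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Paths named in the advisory for Tiki Wiki CMS Groupware <= 15.1
ELFINDER_EXAMPLE_PAGE = "/vendor_extra/elfinder/elfinder.html"
ELFINDER_CONNECTOR = "/vendor_extra/elfinder/php/connector.minimal.php"

# Apache/nginx "combined" access log format (assumed; adjust the regex if
# your server writes a different layout)
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    ip: str
    ts: str
    kind: str      # "probe", "upload_attempt" or "connector_access"
    status: int


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it
    does not match (blank lines, error-log lines, other formats)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec):
    """Map one parsed record to the pattern the advisory describes."""
    path = rec["path"].split("?", 1)[0]   # ignore the query string
    method = rec["method"]
    if path == ELFINDER_EXAMPLE_PAGE and method in ("GET", "HEAD"):
        return "probe"                    # the example page being checked
    if path == ELFINDER_CONNECTOR and method == "POST":
        return "upload_attempt"           # POSTs carry the multipart upload
    if path == ELFINDER_CONNECTOR:
        return "connector_access"         # other connector traffic, lower priority
    return None


def scan_log(lines):
    """Walk the log and collect every ELFinder-related request."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        if kind:
            findings.append(Finding(rec["ip"], rec["ts"], kind, int(rec["status"])))
    return findings


def suspicious_sources(findings):
    """Source IPs that both probed the example page and POSTed to the
    connector with a 2xx response: the sequence to escalate first."""
    probed = {f.ip for f in findings if f.kind == "probe"}
    uploaded = {f.ip for f in findings
                if f.kind == "upload_attempt" and 200 <= f.status < 300}
    return probed & uploaded


# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2025:10:01:02 +0000] "HEAD /vendor_extra/elfinder/elfinder.html HTTP/1.1" 200 0',
    '203.0.113.7 - - [15/Jul/2025:10:01:05 +0000] "POST /vendor_extra/elfinder/php/connector.minimal.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [15/Jul/2025:10:02:10 +0000] "GET /tiki-index.php HTTP/1.1" 200 8123',
    '203.0.113.7 - - [15/Jul/2025:10:01:07 +0000] "GET /vendor_extra/elfinder/php/connector.minimal.php?cmd=open HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.ts}  {f.ip:<15} {f.kind:<17} {f.status}")
    print("escalate:", sorted(suspicious_sources(SAMPLE_LOG and scan_log(SAMPLE_LOG))))
```

On a server that has already been patched to 15.2 or later, or where the path is blocked in the web server configuration, a 403 or 404 on these requests is the expected outcome; a 200 on the connector POST from an unauthenticated source is what should trigger an investigation of the ELFinder upload directory.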
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Tiki Wiki CMS Groupware to version 15.2 or later, as security updates addressing this vulnerability have been released. Administrators should download and apply the latest patches from https://tiki.org/Download to ensure protection. Until updates are applied, restricting access to the ELFinder component path (/vendor_extra/elfinder/) via web server configuration or firewall rules can help reduce exposure. [2]