CVE-2025-7626
BaseFortify
Publication date: 2025-07-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yijiusmile | kkfileviewofficeedit | to 2019-03-19 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7626 is a critical vulnerability in the YiJiuSmile kkFileViewOfficeEdit software, specifically in the onlinePreview function. It is a path traversal and Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to manipulate the 'url' parameter to access arbitrary files on the server. This happens because the software does not properly validate or sanitize the user-supplied URL, enabling attackers to read sensitive local files by specifying file paths using the file:// protocol. The vulnerability can be exploited remotely and has a publicly available proof-of-concept. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to remotely read any file on the server running the vulnerable software. This can lead to unauthorized disclosure of sensitive information such as configuration files, credentials, or other private data. Since the attacker can access internal resources through the file preview functionality, it poses significant security risks including potential further exploitation or information leakage. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP requests to the `/onlinePreview` endpoint with a `url` parameter containing `file://` or path traversal patterns. For example, you can use network traffic inspection tools or web server logs to identify requests like `http://<server>:<port>/onlinePreview?url=file:///path/to/sensitive/file`. A simple command to search web server logs for such attempts could be `grep '/onlinePreview?url=file://' /var/log/nginx/access.log` or `grep '/onlinePreview?url=' /var/log/apache2/access.log`. Additionally, you can use curl to test the endpoint manually, e.g. `curl 'http://<server>:<port>/onlinePreview?url=file:///etc/passwd'`, to check if the server returns file contents. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling access to the /onlinePreview endpoint if possible, especially from untrusted networks. Since no known countermeasures or patches are documented, consider replacing the affected product with a secure alternative. Additionally, implement network-level controls such as firewall rules to block suspicious requests containing file:// or path traversal patterns. Monitoring and alerting on such requests can help detect exploitation attempts early. [2]
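The plain `grep` above misses percent-encoded variants (`file%3A%2F%2F`, `%2e%2e%2f`, double encoding) of the same request. The following script, added here as an example and not code from BaseFortify or the kkFileViewOfficeEdit project, covers both the detection question (scanning access logs) and the blocking rule suggested under mitigation: `classify_url_param` is the check a WAF or reverse proxy rule would apply to the `url` value, and `scan_log` applies it to each request for `/onlinePreview`. It assumes nginx/Apache combined log format; the log lines embedded below are constructed, not real traffic, and `intranet.example` is a placeholder host.

```python
"""Flag /onlinePreview requests whose url= parameter is not a plain http(s) URL
or contains a path traversal sequence. Added example for CVE-2025-7626; not the
vendor's or BaseFortify's code. SAMPLE_LOG is constructed test data."""
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in combined log format (placeholder IPs and hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jul/2025:10:01:02 +0000] "GET /onlinePreview?url=http://intranet.example/report.docx HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Jul/2025:10:01:05 +0000] "GET /onlinePreview?url=file:///etc/passwd HTTP/1.1" 200 1845 "-" "curl/8.0"
203.0.113.9 - - [14/Jul/2025:10:01:09 +0000] "GET /onlinePreview?url=file%3A%2F%2F%2Fetc%2Fshadow HTTP/1.1" 200 0 "-" "curl/8.0"
203.0.113.9 - - [14/Jul/2025:10:01:12 +0000] "GET /onlinePreview?url=http://intranet.example/..%2F..%2Fapp.properties HTTP/1.1" 200 311 "-" "python-requests"
198.51.100.4 - - [14/Jul/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Matches the quoted request line: method, request target, protocol.
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%252e) normalise too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_url_param(raw):
    """Return the reasons a url= value looks like an exploitation attempt.
    An empty list means the value is a plain http(s) URL without traversal."""
    value = decode_fully(raw).replace("\\", "/")  # treat backslashes as separators
    reasons = []
    try:
        scheme = urlsplit(value).scheme.lower()
    except ValueError:
        return ["unparseable url"]
    if scheme not in ("http", "https"):
        reasons.append(f"non-http scheme: {scheme or '(none)'}")
    if TRAVERSAL_RE.search(value):
        reasons.append("path traversal sequence")
    return reasons


def query_params(query):
    """Yield (key, raw_value) pairs; the value is left encoded for reporting."""
    for pair in query.split("&"):
        if pair:
            key, _, val = pair.partition("=")
            yield unquote(key), val


def scan_log(text, endpoint="/onlinePreview"):
    """Return (client_ip, raw_url_param, reasons) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != endpoint:
            continue
        client_ip = line.split(" ", 1)[0]
        for key, raw in query_params(parts.query):
            if key != "url":
                continue
            reasons = classify_url_param(raw)
            if reasons:
                hits.append((client_ip, raw, reasons))
    return hits


if __name__ == "__main__":
    for ip, raw, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip}\turl={raw}\t{'; '.join(reasons)}")
```

Run it against a real log with `scan_log(open("/var/log/nginx/access.log").read())`. The check is deliberately an allowlist (only `http`/`https` pass) rather than a denylist of `file://`, since the same SSRF primitive can be expressed through other schemes; a proxy rule built on `classify_url_param` blocks the request before it reaches the application.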