CVE-2025-7627
BaseFortify
Publication date: 2025-07-14
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yijiusmile | kkfileviewofficeedit | to 2019-03-19 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7627 is a critical vulnerability in the YiJiuSmile kkFileViewOfficeEdit system's fileUpload function at the /fileUpload endpoint. It allows an attacker to upload arbitrary files without proper validation, including malicious FreeMarker template files (.ftl). By exploiting directory traversal, an attacker can overwrite important template files like index.ftl with malicious code that executes arbitrary system commands on the server. This leads to remote code execution and potential full system compromise. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to severe impacts including remote code execution on the affected server, allowing attackers to run arbitrary system commands. This can result in full system compromise, loss of confidentiality, integrity, and availability of the system. Attackers can overwrite critical files, inject malicious code, and potentially control the server remotely, severely affecting the security and operation of the affected environment. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the /fileUpload endpoint that include file uploads with directory traversal patterns (e.g., filenames containing '../') and unusual file types such as '.ftl'. For example, inspecting web server logs for POST requests to /fileUpload with filenames attempting to overwrite template files like 'index.ftl' can indicate exploitation attempts. A command to search web server logs for such attempts could be: grep -i 'POST /fileUpload' /var/log/nginx/access.log | grep '\.ftl' or grep -E '\.ftl|\.\./' /var/log/apache2/access.log. Additionally, monitoring for unexpected changes in template files (e.g., index.ftl) in the web directory or scanning for newly uploaded '.ftl' files in directories accessible by the web server can help detect exploitation. [1]
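The detection logic described above, written out as an added example (not BaseFortify's or the project's code) that runs over a few constructed access-log lines. It assumes, as the grep commands do, that the uploaded filename appears in the request line, and goes slightly beyond the text by URL-decoding the target before matching so that encoded traversal sequences are also caught.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not from a real system.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jul/2025:10:01:02 +0000] "POST /fileUpload?filename=report.docx HTTP/1.1" 200 512
203.0.113.5 - - [14/Jul/2025:10:01:09 +0000] "POST /fileUpload?filename=../templates/index.ftl HTTP/1.1" 200 512
203.0.113.7 - - [14/Jul/2025:10:02:11 +0000] "POST /fileUpload?filename=%2e%2e%2f%2e%2e%2findex.ftl HTTP/1.1" 200 512
198.51.100.2 - - [14/Jul/2025:10:03:00 +0000] "GET /index.ftl HTTP/1.1" 404 0
203.0.113.9 - - [14/Jul/2025:10:04:30 +0000] "POST /fileUpload?filename=notes.txt HTTP/1.1" 200 512
"""

# Pulls the method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_reasons(line: str) -> list[str]:
    """Return the reasons a log line looks like a CVE-2025-7627 upload attempt (empty if none)."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "POST":
        return []
    # Decode twice so single- and double-encoded traversal sequences are normalised.
    target = unquote(unquote(m.group("target")))
    path = target.split("?", 1)[0].rstrip("/").lower()
    if not path.endswith("/fileupload"):
        return []
    reasons = []
    if ".ftl" in target.lower():
        reasons.append("ftl-upload")
    if re.search(r"\.\./|\.\.\\", target):
        reasons.append("path-traversal")
    return reasons


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Scan a whole log and return (line, reasons) for every flagged request."""
    hits = []
    for line in text.splitlines():
        reasons = suspicious_reasons(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG):
        print(", ".join(reasons), "->", line)
```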
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the /fileUpload endpoint to prevent unauthorized file uploads. Implement strict validation and sanitization of uploaded files, especially blocking uploads of '.ftl' files or files with directory traversal sequences in their names. If possible, restrict file upload permissions and isolate the upload directory from execution contexts. Since no patches or version updates are available due to the rolling release model, consider replacing the affected product or applying web application firewall (WAF) rules to block malicious upload attempts. Monitoring and alerting on suspicious upload activity should also be established. [3, 1]