CVE-2025-11631
BaseFortify
Publication date: 2025-10-12
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docsys_project | docsys | to 2.02.36 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11631 is a path traversal vulnerability in RainyGao DocSys up to version 2.02.36, specifically in the /Doc/deleteDoc.do endpoint. It occurs because the application does not properly validate or sanitize the 'path' argument, allowing an attacker to manipulate the file path to delete arbitrary files on the server remotely without authentication. [2, 3]
How can this vulnerability impact me? :
This vulnerability allows an attacker to delete any file on the affected server remotely, which can lead to loss of critical data, disruption of services, and compromise of system integrity and availability. Since the exploit is publicly available and requires no authentication, it poses a significant security risk. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring requests to the /Doc/deleteDoc.do endpoint that include manipulation of the 'path' parameter indicative of path traversal attempts (e.g., usage of '../' sequences). Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such suspicious requests. Additionally, manual testing can be performed by sending crafted HTTP requests to the vulnerable endpoint to check if arbitrary file deletion is possible. For example, using curl to test path traversal: curl -v "http://<target>/Doc/deleteDoc.do?path=../../etc/passwd" and observing the response or system behavior may indicate vulnerability. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /Doc/deleteDoc.do endpoint, such as limiting network exposure via firewall rules or IP whitelisting. Since no vendor patch or fix is available, consider disabling or removing the vulnerable functionality if possible. Monitoring and alerting on suspicious deletion requests should be implemented. Ultimately, replacing the affected DocSys versions (up to 2.02.36) with a secure alternative or patched version (if released) is recommended. [3]