CVE-2025-12203
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vvveb | vvveb | to 1.0.7.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12203 is a vulnerability in the Vvveb CMS version 1.0.7.3, specifically in the sanitizeFileName function used by the code editor component. The function attempts to prevent path traversal attacks by filtering out sequences like "..", but it fails to properly handle null byte (%00) injection. An authenticated attacker can exploit this by inserting null bytes into the file parameter, bypassing the filter and accessing arbitrary files on the server outside the intended directory. This allows unauthorized reading of files, posing a significant security risk. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker to read arbitrary files on the server, including sensitive configuration files or data that should be protected. This unauthorized file disclosure can lead to leakage of confidential information, potentially enabling further attacks or compromising the security and privacy of the system and its users. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the path traversal via the 'file' parameter in the code editor's loadFile action, specifically by sending authenticated GET requests with crafted file parameters containing null byte (%00) injections to bypass sanitization. For example, using curl to send a request like: curl -u admin:password 'http://your-vvveb-site/admin/controller/editor/code.php?action=loadFile&file=.%00./.%00./.%00./test.txt' and observing if files outside the intended directory are accessible. Monitoring logs for such suspicious requests or unexpected file access attempts can also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch identified by commit b0fa7ff74a3539c6d37000db152caad572e4c39b, which fixes the sanitizeFileName function to properly handle and neutralize null byte characters, preventing exploitation. Additionally, restrict access to the code editor functionality to trusted administrators and monitor for suspicious activity until the patch is applied. [2]