CVE-2025-14520
BaseFortify
Publication date: 2025-12-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| baowzh | hfly | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal weakness in the baowzh hfly software, specifically in the /admin/index.php/datafile/delfile function. By manipulating the filename argument, an attacker can traverse directories on the server remotely, potentially accessing or deleting unauthorized files. The exploit is publicly available and the vendor has not responded to the disclosure.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to remotely manipulate file paths, potentially leading to unauthorized deletion or access of files on the server. This can disrupt service, cause data loss, or expose sensitive information depending on the files accessed or deleted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized deletion of arbitrary files, including potentially sensitive system and database files, which can lead to data integrity and availability issues. Such impacts can result in non-compliance with standards and regulations like GDPR and HIPAA that require protection of data integrity, availability, and confidentiality. However, no explicit mention of compliance impact is provided in the resources. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual HTTP requests targeting the /admin/index.php/datafile/delfile endpoint with suspicious filename parameters containing directory traversal sequences such as '../'. For example, inspecting web server logs for requests with patterns like 'delfile?filename=../' or URL-encoded equivalents can help identify exploitation attempts. Commands such as using grep on access logs can be used: grep -i 'delfile?filename=' /var/log/apache2/access.log | grep '\.\./' or using network monitoring tools to detect such patterns in HTTP requests. Additionally, scanning for the presence of the vulnerable software version and checking for the existence of the affected file path can assist in detection. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the /admin/index.php/datafile/delfile endpoint to prevent remote exploitation. Since no patches or vendor mitigations are available, it is recommended to replace the affected baowzh hfly software with an alternative product. Additionally, implementing web application firewall (WAF) rules to block requests containing directory traversal patterns in the filename parameter can help reduce risk. Monitoring and alerting on suspicious file deletion attempts is also advised. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual HTTP requests targeting the /admin/index.php/datafile/delfile endpoint with suspicious filename parameters containing directory traversal sequences such as '../'. For example, inspecting web server logs for requests like 'delfile?filename=../' or encoded variants can indicate exploitation attempts. Commands such as using grep on access logs can help detect this, e.g., `grep 'delfile?filename=' /var/log/apache2/access.log` or `grep '%2E%2E%2F' /var/log/apache2/access.log` to find URL-encoded traversal attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the vulnerable /admin/index.php/datafile/delfile functionality, especially from untrusted networks. Since no vendor patch or countermeasure is available, it is recommended to replace the affected product with a secure alternative. Additionally, implement web application firewall (WAF) rules to block requests containing directory traversal patterns in the filename parameter. Monitoring and alerting on suspicious activity should also be established. [2]