CVE-2025-14521
BaseFortify
Publication date: 2025-12-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| baowzh | hfly | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in the baowzh hfly software, specifically in an unknown function within the file /admin/index.php/datafile/download. By manipulating the 'filename' argument, an attacker can traverse directories on the server, potentially accessing files outside the intended directory. The attack can be performed remotely and the exploit has been publicly disclosed.
How can this vulnerability impact me? :
This vulnerability can allow an attacker with some privileges (as indicated by the CVSS requiring privileges) to access sensitive files on the server by traversing directories. This could lead to unauthorized disclosure of information, potentially compromising confidentiality of data stored on the server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows unauthorized remote attackers to perform path traversal and read arbitrary files on the server, potentially exposing sensitive information such as configuration files, account passwords, and cryptographic keys. Such exposure of sensitive data can lead to breaches of confidentiality, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information. Therefore, the vulnerability negatively impacts compliance by increasing the risk of unauthorized data disclosure. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /admin/index.php/datafile/download endpoint with manipulated filename parameters to check for path traversal. For example, sending HTTP requests with payloads such as '../' sequences in the filename parameter to see if files outside the intended directory can be accessed. Commands using curl could be: curl -v 'http://target/admin/index.php/datafile/download?filename=../../../../etc/passwd' to check if the /etc/passwd file is accessible. Monitoring web server logs for suspicious requests containing traversal patterns in the filename parameter can also help detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
There are no known mitigations or patches available for this vulnerability as the vendor did not respond and no fixes have been disclosed. The recommended immediate step is to replace the affected product with an alternative that does not have this vulnerability. Additionally, restricting access to the vulnerable endpoint, implementing web application firewall (WAF) rules to block path traversal patterns, and monitoring for exploit attempts can help reduce risk until a secure replacement is deployed. [2]