CVE-2025-63738
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rockoa | rockoa | 2.7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Xinhu Rainrock RockOA 2.7.0 allows attackers to gain sensitive information by accessing the phpinfo output through the 'a' parameter in the index.php file.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can obtain sensitive information about the server environment, which could be used to facilitate further attacks or compromise the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers with valid session cookies to access detailed server configuration information, including environment variables and potentially database connection information. This exposure of sensitive information could lead to unauthorized access or data breaches, which may impact compliance with standards like GDPR and HIPAA that require protection of sensitive data and secure system configurations. However, the provided resources do not explicitly discuss compliance implications. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by attempting to access the URL endpoint that triggers the phpinfo output, specifically by sending a request to `index.php` with parameters `?a=phpinfo&m=index`. For example, use a command like `curl -i http://target/index.php?a=phpinfo&m=index` to see if the server returns detailed PHP configuration information. If the response includes PHP version, server details, and configuration parameters, the vulnerability is present. Note that exploitation requires valid session cookies and access, so detection may require authenticated requests. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable phpinfoAction() method by implementing proper access control and permission checks in the index.php file. Ensure that the `phpinfo()` function cannot be invoked by unauthorized users. Additionally, review and limit session cookie access to prevent unauthorized exploitation. If possible, update or patch Xinhu Rainrock RockOA to a version where this vulnerability is fixed. [1]