CVE-2025-65879
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-12
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yeqifu | warehouse_management_system | up to 1.2 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Warehouse Management System 1.2 where an authenticated user can delete arbitrary files on the server. The /goods/deleteGoods endpoint takes a user-controlled parameter called goodsimg, which is concatenated directly with the server's UPLOAD_PATH and passed to the File.delete() function without any validation. This allows a remote authenticated attacker to use directory traversal payloads to delete files outside the intended directory.
How can this vulnerability impact me?
This vulnerability can allow an attacker with authentication to delete arbitrary files on the server, potentially leading to loss of important data, disruption of service, or compromising the integrity of the system by removing critical files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated attackers to delete arbitrary files on the server, including system configuration, application files, uploaded data, and logs. This can lead to denial of service or complete application failure, potentially impacting the integrity and availability of sensitive data. Such impacts could result in non-compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity and availability. However, specific compliance implications are not detailed in the provided resources. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the /goods/deleteGoods endpoint containing directory traversal payloads in the goodsimg parameter, such as sequences like '../'. A proof of concept involves sending crafted POST requests with goodsimg values like '../a.txt' or '../../../../test.txt' to check if arbitrary files can be deleted. Network monitoring tools or web application firewalls can be configured to log or block such requests. Additionally, inspecting server logs for unexpected file deletions or errors related to file access may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include normalizing file paths and blocking traversal sequences such as '..' in the goodsimg parameter, rejecting absolute paths, enforcing file deletion only within a predefined whitelist directory, validating that the file to be deleted is genuinely associated with the goods entry, and using server-side file ID mapping instead of accepting direct file paths from user input. [1]
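The path checks from the mitigation list above (normalize, reject absolute paths, confine deletion to the upload directory), as an added Java example that is not code from the project or the advisory. The class name, method names and the `/srv/warehouse/upload` root are assumptions; the page does not give the real `UPLOAD_PATH` value, and the goods-record association and file ID mapping steps are not shown here.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeGoodsImageDelete {
    // Assumed upload root (hypothetical value standing in for UPLOAD_PATH).
    static final Path UPLOAD_ROOT =
            Paths.get("/srv/warehouse/upload").toAbsolutePath().normalize();

    /** Resolves goodsimg under UPLOAD_ROOT, or throws if it would escape it. */
    static Path resolveInsideUploadRoot(String goodsimg) {
        if (goodsimg == null || goodsimg.isEmpty()) {
            throw new IllegalArgumentException("empty path");
        }
        Path requested;
        try {
            requested = Paths.get(goodsimg); // rejects NUL bytes and malformed input
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("malformed path", e);
        }
        // Explicit prefix test covers rooted paths that isAbsolute() misses on Windows.
        if (requested.isAbsolute() || goodsimg.startsWith("/") || goodsimg.startsWith("\\")) {
            throw new IllegalArgumentException("absolute path rejected");
        }
        // Normalize after joining so "img/../../x" collapses before the containment check.
        Path target = UPLOAD_ROOT.resolve(requested).normalize();
        if (!target.startsWith(UPLOAD_ROOT) || target.equals(UPLOAD_ROOT)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    // Lexical check only: symlinks inside the upload root are not resolved here.
    static boolean deleteGoodsImage(String goodsimg) throws IOException {
        return Files.deleteIfExists(resolveInsideUploadRoot(goodsimg));
    }

    public static void main(String[] args) {
        // Constructed inputs; the two "../" values are the ones quoted on this page.
        String[] samples = {"2025-01-01/item.jpg", "../a.txt", "../../../../test.txt",
                            "/etc/hostname", "img/../../x"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> allowed: " + resolveInsideUploadRoot(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

`main` only resolves paths and never deletes anything, so it can be run on any machine to see which inputs the containment check accepts.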