CVE-2025-65897
BaseFortify
Publication date: 2025-12-05
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zhaoyachao | zdh_web | to 5.6.17 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if your zdh_web installation is version 5.6.17 or earlier, as these versions contain the insufficient validation of file upload paths. You can verify the version of zdh_web running on your system. Additionally, monitoring for unusual file uploads or unexpected file modifications in the server file system, especially in directories used by the application for file uploads, can help detect exploitation attempts. Since the vulnerability allows authenticated users to write arbitrary files, reviewing application logs for suspicious file upload activities or unexpected file paths is recommended. Specific commands are not provided in the resources, but general approaches include: 1) Checking the application version via your deployment or package management tools. 2) Using file system monitoring tools (e.g., inotifywait on Linux) to watch upload directories for unexpected changes. 3) Reviewing application logs for file upload requests with suspicious file paths. 4) Using network monitoring tools to detect unusual HTTP POST requests to file upload endpoints. However, no explicit commands or scripts are detailed in the provided resources. [4, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading your zdh_web installation to version 5.6.18 or later, where the vulnerability has been fixed by improving file upload path validation and handling. After upgrading, rebuild and redeploy your environment to ensure the fixes are applied. If upgrading immediately is not possible, restrict access to the file upload functionality to trusted users only, and monitor file upload activities closely. Applying the patch from the official repository (as per the commit in Resource 3) that replaces unsafe file name handling with safer utilities and restricts file upload directories (as indicated in Resource 1) is also recommended. Additionally, review and harden logging and monitoring to detect any exploitation attempts. Ultimately, upgrading to the fixed version is the most effective mitigation. [1, 3, 4]
Can you explain this vulnerability to me?
This vulnerability in zdh_web (up to version 5.6.17) is due to insufficient validation of file upload paths. It allows an authenticated user to write arbitrary files to the server's file system, which can overwrite existing files. This can lead to privilege escalation or remote code execution on the server.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an authenticated user to upload files that overwrite critical server files, potentially leading to privilege escalation or remote code execution. This means attackers could gain higher-level access or control over the server, compromising the system's security and integrity.