CVE-2025-69620
Unknown Unknown - Not Provided
Path Traversal in Moo Chan Song v4.5.7 Causes DoS via File Write

Publication date: 2026-02-04

Last updated on: 2026-02-11

Assigner: MITRE

Description
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-11
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69620
EUVD
EUVD-2025-206780
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ntoolslab office_reader 4.5.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-69620 is a path traversal vulnerability in the Office Reader app (version 4.5.7) developed by Moo Chan Song. It exists in the file import component, allowing attackers to manipulate filenames and file contents using path traversal sequences. This enables unauthorized arbitrary file writes within the app's internal storage without user consent."}, {'type': 'paragraph', 'content': "The vulnerability arises from insufficient security checks during file import, allowing an attacker to write files anywhere inside the app's data directory by exploiting specially crafted URIs containing '../' sequences."}, {'type': 'paragraph', 'content': 'Exploitation can be triggered automatically when a victim opens a malicious app, requiring no complex user interaction.'}] [2]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can lead to a Denial of Service (DoS) by allowing attackers to write large or oversized files repeatedly to the app's internal storage, exhausting storage or memory resources."}, {'type': 'paragraph', 'content': "It also compromises data integrity and security by enabling unauthorized arbitrary file writes within the app's internal storage, potentially breaking sandbox isolation."}] [2]

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves path traversal allowing arbitrary file writes within the app\'s internal storage when a specially crafted intent is sent to the vulnerable app. Detection can focus on monitoring for suspicious intents or content URIs containing path traversal sequences (e.g., multiple "../" sequences) targeting the Office Reader app.'}, {'type': 'paragraph', 'content': "Since the attack exploits the app's ViewOfficeActivity via intents with crafted URIs, you can monitor Android logs (logcat) for unusual intents or file write operations within the app's data directory (/data/data/net.sjava.officereader/)."}, {'type': 'paragraph', 'content': 'Suggested commands to detect suspicious activity include:'}, {'type': 'list_item', 'content': "adb logcat | grep -i 'net.sjava.officereader'"}, {'type': 'list_item', 'content': 'adb shell ls -l /data/data/net.sjava.officereader/ to check for unexpected files'}, {'type': 'list_item', 'content': 'adb shell run-as net.sjava.officereader ls -l to inspect internal storage files'}, {'type': 'list_item', 'content': 'Monitor for intents with suspicious content URIs containing "../" sequences using Android intent monitoring tools or custom scripts.'}] [2]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include preventing exploitation by restricting or monitoring the vulnerable app's ability to receive crafted intents and limiting file write permissions."}, {'type': 'paragraph', 'content': 'Specifically:'}, {'type': 'list_item', 'content': 'Avoid opening untrusted or suspicious files with the Moo Chan Song Office Reader app version 4.5.7.'}, {'type': 'list_item', 'content': "Restrict or disable the vulnerable app's ViewOfficeActivity from receiving external intents if possible."}, {'type': 'list_item', 'content': 'Monitor and limit app permissions related to file system access and content providers.'}, {'type': 'list_item', 'content': 'If available, update the app to a patched version that fixes the path traversal vulnerability.'}, {'type': 'list_item', 'content': 'As a temporary measure, consider uninstalling or disabling the vulnerable app until a fix is applied.'}] [2]

Compliance Impact

The vulnerability allows unauthorized arbitrary file writes within the app’s internal storage, potentially compromising data integrity and security.

Such unauthorized access and manipulation of data could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data integrity.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69620. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart