CVE-2025-69620
Path Traversal in Moo Chan Song v4.5.7 Causes DoS via File Write

Publication date: 2026-02-04

Last updated on: 2026-02-11

Assigner: MITRE

Description
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
Meta Information
Published: 2026-02-04
Last Modified: 2026-02-11
Generated: 2026-05-07
AI Q&A: 2026-02-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE

Vendor | Product | Version / Range
ntoolslab | office_reader | 4.5.7
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-69620 is a path traversal vulnerability in the Office Reader app (version 4.5.7) developed by Moo Chan Song. It exists in the file import component, allowing attackers to manipulate filenames and file contents using path traversal sequences. This enables unauthorized arbitrary file writes within the app's internal storage without user consent.

The vulnerability arises from insufficient security checks during file import, allowing an attacker to write files anywhere inside the app's data directory by exploiting specially crafted URIs containing '../' sequences.

Exploitation can be triggered automatically when a victim opens a malicious app, requiring no complex user interaction. [2]


How can this vulnerability impact me?

This vulnerability can lead to a Denial of Service (DoS) by allowing attackers to write large or oversized files repeatedly to the app's internal storage, exhausting storage or memory resources.

It also compromises data integrity and security by enabling unauthorized arbitrary file writes within the app's internal storage, potentially breaking sandbox isolation. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves path traversal allowing arbitrary file writes within the app's internal storage when a specially crafted intent is sent to the vulnerable app. Detection can focus on monitoring for suspicious intents or content URIs containing path traversal sequences (e.g., multiple "../" sequences) targeting the Office Reader app.

Since the attack exploits the app's ViewOfficeActivity via intents with crafted URIs, you can monitor Android logs (logcat) for unusual intents or file write operations within the app's data directory (/data/data/net.sjava.officereader/).

Suggested commands to detect suspicious activity include:

- adb logcat | grep -i 'net.sjava.officereader'
- adb shell ls -l /data/data/net.sjava.officereader/ to check for unexpected files
- adb shell run-as net.sjava.officereader ls -l to inspect internal storage files
- Monitor for intents with suspicious content URIs containing "../" sequences using Android intent monitoring tools or custom scripts. [2]
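
One way to write the "custom script" mentioned above, as an added example that is not part of the original page or of any vendor tooling: it filters intent log lines aimed at the package and activity named on this page and counts ".." path segments after repeated percent-decoding, so encoded and double-encoded separators are caught as well. The sample log lines, the provider authority and the activity's class path are constructed, and the script assumes the log source records the intent's full data URI in a dat= field.

```python
import re
from urllib.parse import unquote

PACKAGE = "net.sjava.officereader"   # package name given on this page
ACTIVITY = "ViewOfficeActivity"      # activity named on this page
URI_RE = re.compile(r"\bdat=(\S+)")  # assumed: data URI is logged as dat=<uri>

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_depth(uri):
    """Count '..' path segments in the decoded URI ('/' and '\\' both split)."""
    path = fully_decode(uri).split("://", 1)[-1]
    return sum(1 for segment in re.split(r"[/\\]", path) if segment == "..")

def suspicious_intents(lines):
    """Return (line_number, uri, depth) for intents aimed at the app whose
    data URI holds at least one '..' segment after decoding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if PACKAGE not in line or ACTIVITY not in line:
            continue
        match = URI_RE.search(line)
        if not match:
            continue
        uri = match.group(1).rstrip("}")
        depth = traversal_depth(uri)
        if depth:
            hits.append((number, uri, depth))
    return hits

# Constructed sample lines (not captured from a device); the authority and the
# class path after the package name are made up for this example.
SAMPLE_LOG = [
    "I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=content://com.example.files/docs/report.docx cmp=net.sjava.officereader/.ViewOfficeActivity}",
    "I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=content://com.example.files/../../files/a.docx cmp=net.sjava.officereader/.ViewOfficeActivity}",
    "I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=content://com.example.files/..%2F..%2F..%2Fcache%2Fb.docx cmp=net.sjava.officereader/.ViewOfficeActivity}",
    "I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=content://com.example.files/%252e%252e%252fc.docx cmp=net.sjava.officereader/.ViewOfficeActivity}",
    "I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=content://com.example.files/../d.docx cmp=com.example.other/.Viewer}",
]
```

Calling suspicious_intents(SAMPLE_LOG) flags lines 2, 3 and 4 and ignores both the benign line and the intent addressed to a different package.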


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include preventing exploitation by restricting or monitoring the vulnerable app's ability to receive crafted intents and limiting file write permissions.

Specifically:

- Avoid opening untrusted or suspicious files with the Moo Chan Song Office Reader app version 4.5.7.
- Restrict or disable the vulnerable app's ViewOfficeActivity from receiving external intents if possible.
- Monitor and limit app permissions related to file system access and content providers.
- If available, update the app to a patched version that fixes the path traversal vulnerability.
- As a temporary measure, consider uninstalling or disabling the vulnerable app until a fix is applied. [2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows unauthorized arbitrary file writes within the app’s internal storage, potentially compromising data integrity and security.

Such unauthorized access and manipulation of data could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data integrity.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

