CVE-2025-66945
Path Traversal in Zdir Pro 4.x ZIP API Enables RCE
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zdir | zdir | From 4.1.1 (inc) to 4.6.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66945 is a path traversal vulnerability in the ZIP extraction API of Zdir Pro 4.x, a private file sharing and storage application. When a crafted ZIP archive whose entry names contain directory traversal sequences such as "../" is processed by the backend endpoint at /api/extract, the application does not sanitize or canonicalize the entry paths.

Because the function that joins the extraction directory with each entry name does not strip dangerous path components, and the resulting paths are used directly without validation, entries can be written outside the intended extraction directory. The result is an arbitrary file write (and overwrite) on the server filesystem.

As a consequence, an authenticated attacker who can upload a malicious ZIP archive can overwrite arbitrary files on the server, limited only by the permissions of the Zdir process, which can lead to remote code execution. [1, 2]
How can this vulnerability impact me?
This vulnerability can have serious impacts including arbitrary file overwrite on the server hosting Zdir Pro. An attacker with authentication can upload a crafted ZIP file that writes files outside the intended directory.
Such arbitrary file overwrites can lead to remote code execution, allowing the attacker to execute malicious code on the server, potentially compromising the entire system.
This can result in data loss, unauthorized access, system compromise, and disruption of services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be confirmed by submitting a test ZIP archive whose entry names contain directory traversal sequences such as "../" (or absolute paths) to the extraction endpoint at /api/extract and checking whether anything is written outside the intended extraction directory.

A practical check is to upload such an archive through the administration panel's file upload section, or to send it directly with curl or a similar HTTP client, and then watch the filesystem for files appearing outside the target directory. Run this only against an instance you are authorized to test, preferably a disposable one, because a successful traversal write modifies the host.

- Upload the test archive with curl: `curl -X POST -F '[email protected]' https://your-zdir-instance/api/extract` (the multipart field name and any required session cookie or token are not given here and must be taken from the application, since the endpoint requires an authenticated user).
- Check for files outside the extraction directory, e.g. `ls /tmp/evil.txt` or whatever path the test entry targeted.
- Before uploading, list the entry names to verify the archive really contains traversal sequences: `zipinfo -1 evil.zip | grep -E '(^/|(^|/)\.\.(/|$))'`.
- Monitor application logs and filesystem changes (for example with auditd or inotifywait on the parent of the extraction root) during extraction to detect unexpected writes. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation, until a patched release is available:

- Before extraction, reject archives containing entries with absolute paths or parent-directory components such as "../" (match the ".." path component, not just the substring, and normalize backslashes as well).
- Validate and sanitize every entry name in the archive, and reject the whole archive rather than skipping individual bad entries, so a partially extracted archive never lands on disk.
- Normalize and canonicalize each extraction path and confirm it still lies under the intended directory; do this on the resolved path so that symlinks already present in the extraction directory cannot redirect the write.
- Enforce a sandbox boundary so that all extracted files stay confined within a predefined root directory.
- Use ZIP handling libraries that provide built-in protection against path traversal.
- Apply defense in depth when processing untrusted archives: run extraction in an isolated environment or container, as a low-privileged user, with the extraction root on a filesystem that holds nothing else of value.
- Since the attack requires an authenticated user, restrict which accounts can reach /api/extract until a fix ships.

No official fix is currently available for Zdir Pro 4.x, so these mitigations are critical to reducing risk. [2]
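The following Python script is an added example, not code from Zdir or from the advisory, that ties the detection and mitigation sections together: it builds a constructed test archive with a "../" entry and an absolute-path entry (the kind of file the detection section says to upload), runs it through the vulnerable join-and-write pattern the description attributes to /api/extract, and then through a hardened extractor that applies the lexical checks and canonicalization listed above. The entry names, the scratch directory layout and the `traversal-test.zip` filename are assumptions chosen for the demo; nothing here knows Zdir's real request format.

```python
"""Constructed demo of ZIP path traversal: test archive, vulnerable extraction
pattern, and a hardened extractor (example code, not Zdir's own)."""
from __future__ import annotations

import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path


def build_traversal_zip() -> bytes:
    """Build a constructed test archive (not from the advisory) holding a benign
    entry, a '../' traversal entry and an absolute-path entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", "benign entry\n")
        zf.writestr("../escaped.txt", "this file lands above the extraction dir\n")
        zf.writestr("/tmp/abs.txt", "absolute-path entry\n")
    return buf.getvalue()


def naive_extract(data: bytes, dest: Path) -> list[Path]:
    """Vulnerable pattern: the entry name is joined onto dest and used as-is.
    A leading '/' is stripped (as many extractors do) but nothing checks that
    the result still lies under dest, so a '../' component walks out of it."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = dest / info.filename.lstrip("/")  # no canonicalization
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(target)
    return written


class UnsafeZipEntry(ValueError):
    """Raised when an archive contains an entry that would escape dest."""


def check_entry(name: str) -> str | None:
    """Lexical check on an entry name, done before any filesystem access.
    Returns a rejection reason, or None if the name looks safe."""
    normalized = name.replace("\\", "/")
    if "\x00" in name:
        return "NUL byte in name"
    if normalized.startswith("/") or os.path.isabs(normalized):
        return "absolute path"
    if len(normalized) > 1 and normalized[1] == ":":  # Windows drive letter
        return "drive-letter path"
    if ".." in normalized.split("/"):  # component check, not substring check
        return "parent-directory traversal"
    return None


def safe_extract(data: bytes, dest: Path) -> list[Path]:
    """Hardened extraction: reject the whole archive on the first bad entry
    before writing anything, then canonicalize every target and confirm it
    stays under dest (catches symlinks already present inside dest)."""
    dest = dest.resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        for info in infos:  # pass 1: lexical checks on all names
            reason = check_entry(info.filename)
            if reason:
                raise UnsafeZipEntry(f"{info.filename!r}: {reason}")
        for info in infos:  # pass 2: write, with a containment check per entry
            target = (dest / info.filename).resolve()
            if not target.is_relative_to(dest):
                raise UnsafeZipEntry(f"{info.filename!r}: resolves outside {dest}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors against the constructed archive inside a scratch
    directory so the escaped file lands in the scratch dir, not on the host."""
    data = build_traversal_zip()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        naive_dest = root / "extract_naive"
        naive_dest.mkdir()
        naive_extract(data, naive_dest)
        naive_escaped = (root / "escaped.txt").is_file()  # one level above dest

        safe_dest = root / "extract_safe"
        safe_dest.mkdir()
        try:
            safe_extract(data, safe_dest)
            safe_error = None
        except UnsafeZipEntry as exc:
            safe_error = str(exc)
        safe_wrote_anything = any(safe_dest.iterdir())
    return {"naive_escaped": naive_escaped, "safe_error": safe_error,
            "safe_wrote_anything": safe_wrote_anything}


if __name__ == "__main__":
    # Write the test archive for the curl upload in the detection section
    # (assumed filename), then show both extractors' behaviour.
    Path("traversal-test.zip").write_bytes(build_traversal_zip())
    print(demo())
```

`check_entry` is deliberately separate from `safe_extract` so the same rule can be reused as an upload-time filter in front of the API; the two-pass design in `safe_extract` is what makes "reject the whole archive" hold, since nothing touches disk until every name has been checked.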