CVE-2025-0461
Published: 14 January 2025
Description
Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information. (This is the MITRE ATT&CK description of T1213.004, Customer Relationship Management Software, one of the techniques this CVE is mapped to below.)
Security Summary
CVE-2025-0461 is a path traversal vulnerability (CWE-22) in Lingdang CRM from Shanghai Lingdang Information Technology, affecting versions up to 8.6.0.0. The affected code has not been identified beyond the request that reaches it, /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin; manipulation of the pathfile parameter in that request lets an attacker step outside the intended directory and read other files on the server.
The vulnerability can be exploited remotely by an authenticated attacker with low privileges (PR:L), with no user interaction (UI:N) and low attack complexity (AC:L). Successful exploitation has a limited confidentiality impact (C:L): read access to files outside the intended directory, with no impact on integrity or availability (I:N/A:N). The CVSS v3.1 base score is 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), medium severity.
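The defect class described above, as an added illustration (not Lingdang CRM code; the real handler behind the pathfile parameter is not public): a minimal vulnerable read routine that joins a user-supplied relative path to a base directory and opens it, beside the hardened form that canonicalizes the path and refuses anything outside the base. The directory layout, file contents and the unquote() call standing in for the web server's one round of percent-decoding are all assumptions of the example.

```python
"""Path traversal (CWE-22): the defect class behind CVE-2025-0461, sketched.

Added illustration, not Lingdang CRM code: the real handler behind the
`pathfile` parameter is not public, so vulnerable_read() only models the
pattern (user-controlled relative path joined to a base directory and opened
with no containment check) and safe_read() shows the fix pattern
(canonicalize, then require the result to stay under the base directory).
The directory layout and file contents are constructed fixtures.
"""
import os
import tempfile
from typing import Optional
from urllib.parse import unquote

# Constructed fixture: a web root with a served file and a sibling config dir.
ROOT = tempfile.mkdtemp(prefix="crm_demo_")
PUBLIC = os.path.join(ROOT, "public")
os.makedirs(os.path.join(PUBLIC, "qrcode"))
os.makedirs(os.path.join(ROOT, "config"))
with open(os.path.join(PUBLIC, "qrcode", "promo.png"), "wb") as fh:
    fh.write(b"\x89PNG fake image bytes")
with open(os.path.join(ROOT, "config", "db.php"), "w") as fh:
    fh.write("<?php $db_pass = 'hunter2';")


def vulnerable_read(pathfile: str) -> bytes:
    """Models the defect: the decoded parameter is joined and opened as-is."""
    with open(os.path.join(PUBLIC, unquote(pathfile)), "rb") as fh:
        return fh.read()


def resolve_inside(base: str, pathfile: str) -> Optional[str]:
    """Return the canonical target if it lies under base, else None.

    realpath() collapses '..' and follows symlinks, so a symlink planted
    inside base that points outside is rejected too. An absolute pathfile
    makes os.path.join discard base, and the commonpath check catches that.
    """
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, pathfile))
    try:
        if os.path.commonpath([base_real, candidate]) != base_real:
            return None
    except ValueError:  # Windows: paths on different drives
        return None
    return candidate


def safe_read(pathfile: str) -> Optional[bytes]:
    """Hardened form: refuse anything that escapes PUBLIC or is not a file."""
    target = resolve_inside(PUBLIC, unquote(pathfile))
    if target is None or not os.path.isfile(target):
        return None
    with open(target, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    print(vulnerable_read("../config/db.php"))   # leaks the config
    print(safe_read("../config/db.php"))          # None
    print(safe_read("qrcode/promo.png")[:4])      # b'\x89PNG'
```

The containment check is done on the canonical path rather than by searching the input for "../": a deny-list misses percent-encoded dots, backslash separators and absolute paths, while comparing realpath() output against the base directory rejects all of them with one rule.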
VulDB advisories (ctiid.291478, id.291478, submit.474252) document the issue, and a proof-of-concept exploit is publicly available in a GitHub repository (BxYQ/ld/blob/main/downloadSocialPromotionQrcode_fileread.doc). The vendor was notified early but has not responded or issued any patches or mitigations as of the CVE publication on 2025-01-14.
The exploit has been disclosed to the public and may be actively used. Because no vendor fix exists, every Internet-reachable Lingdang CRM deployment up to 8.6.0.0 should be treated as exposed, and defenders have to rely on compensating controls: restrict who can reach the weixinmp endpoint and monitor requests for traversal attempts in the pathfile parameter.
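One way to do that monitoring, as added detection logic that is not part of the advisory or the vendor's guidance: scan web server access logs for requests to the affected endpoint whose pathfile value, after repeated percent-decoding and separator normalisation, contains a ".." segment or is an absolute path. The Apache/nginx "combined" log format, the sample log lines and the traversal payloads are constructed for the example; they are not captured traffic and do not reproduce the public PoC.

```python
"""Detect traversal attempts against the pathfile parameter in web access logs.

Added detection logic, not from the advisory or vendor. Assumes Apache/nginx
"combined" log format and targets the request path named in the advisory
(/crm/weixinmp/index.php). It flags pathfile values that, after repeated
percent-decoding (to catch double encoding) and backslash normalisation,
contain a '..' segment or are absolute. The log lines are constructed samples,
not captured traffic, and the payloads are generic traversal strings, not the
public PoC.
"""
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit, unquote

SAMPLE_LOG = """\
10.0.0.5 - - [14/Jan/2025:10:01:02 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin&pathfile=qrcode/promo.png HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jan/2025:10:02:11 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin&pathfile=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "python-requests/2.31"
203.0.113.7 - - [14/Jan/2025:10:02:12 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&action=UsersAjax&pathfile=%2e%2e%2f%2e%2e%2fconfig%2fconfig.inc.php HTTP/1.1" 200 4096 "-" "python-requests/2.31"
203.0.113.7 - - [14/Jan/2025:10:02:13 +0000] "GET /crm/weixinmp/index.php?action=UsersAjax&pathfile=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 2048 "-" "curl/8.4"
198.51.100.9 - - [14/Jan/2025:10:03:00 +0000] "GET /crm/index.php?module=Leads HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)
# A '..' path segment, or an absolute POSIX / Windows drive path.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)|^/|^[A-Za-z]:/')


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding), unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(value: str) -> bool:
    """True if the normalised value escapes a relative base directory."""
    return TRAVERSAL_RE.search(normalize(value)) is not None


def scan_access_log(text: str) -> List[Dict[str, object]]:
    """Return one hit per traversal-looking pathfile sent to the affected endpoint."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/weixinmp/index.php"):
            continue
        # parse_qs already performs one round of percent-decoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("pathfile", []):
            if is_traversal(raw):
                # A 200 on a traversal request suggests the read succeeded.
                hits.append({"ip": m["ip"], "ts": m["ts"],
                             "status": int(m["status"]), "pathfile": normalize(raw)})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Run over the constructed sample, the scanner flags the three requests from 203.0.113.7 (plain, percent-encoded and double-encoded traversal) and ignores the legitimate qrcode download and the unrelated Leads request. Because the endpoint requires a low-privileged session, the flagged source can usually be tied to a CRM account as well as an IP address.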
Details
- CWE(s): CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected Products
- Shanghai Lingdang Information Technology Lingdang CRM, versions up to 8.6.0.0 (no fixed version published)
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
- T1006 Direct Volume Access
- T1213.004 Data from Information Repositories: Customer Relationship Management Software
Why these techniques?
Path traversal (CWE-22) in a public-facing CRM web application gives a remote attacker arbitrary file read: exploiting the flaw is initial access through a public-facing application (T1190), and the files it returns are data collected from a CRM information repository (T1213.004). T1006 (Direct Volume Access) is also mapped, though loosely: that technique describes reading a raw disk volume to bypass file-system access controls, whereas this flaw reads files through the web application's own file handling, so treat the T1006 mapping as approximate.