CVE-2025-11631
Published: 12 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11631 is a path traversal vulnerability (CWE-22) in RainyGao DocSys versions up to 2.02.36. The flaw sits in the /Doc/deleteDoc.do endpoint (VulDB attributes it to unspecified functionality behind that endpoint): the "path" argument is not confined to the document store, so an attacker who supplies directory-traversal sequences in it can reach and manipulate files outside the intended scope.
The vulnerability is exploitable remotely (AV:N) by low-privileged authenticated users (PR:L) with low attack complexity (AC:L) and no user interaction required (UI:N). Successful exploitation results in low impacts to integrity (I:L) and availability (A:L), with no confidentiality impact (C:N), yielding a CVSS v3.1 base score of 5.4, in the medium severity range (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). Because the endpoint's purpose is deleting documents, the practical outcome of traversal is deletion of files outside the document store, which is consistent with the integrity and availability impacts and the absence of a confidentiality impact.
VulDB advisories detail the issue and note that an exploit, including proof-of-concept code, has been publicly disclosed on GitHub. The vendor was contacted early in the disclosure process but did not respond, and no patches or official mitigations are referenced. In the absence of a vendor fix, the controls available are compensating ones: restrict access to the endpoint to trusted users and networks, enforce canonical-path containment on the "path" argument (in the application if it can be changed, otherwise at a reverse proxy or WAF in front of it), and monitor access logs for traversal sequences in that parameter. Check the vendor's release notes for any version later than 2.02.36 before assuming a newer build addresses the issue.
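The containment check and the log monitoring recommended above, as an added example that is not part of the advisory or of DocSys's own code. It is written in Python rather than the project's Java so that both pieces can be run directly. The document root (DOC_ROOT), the access-log format, the extra endpoint name /Doc/otherAction.do and the sample log lines are all constructed assumptions; naive_delete_target models only the pattern the advisory describes (the "path" value appended to the document root without a containment check) and is not DocSys's actual implementation.

```python
"""Path containment check and access-log triage for the deleteDoc.do "path" argument."""
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed document root; the advisory does not state where DocSys stores files.
DOC_ROOT = "/srv/docsys/files"


def naive_delete_target(path_param: str) -> str:
    """Model of the vulnerable pattern (CWE-22): the user-controlled "path" value is
    appended to the document root and used as-is. normpath shows where the file
    system will actually look once the ".." segments are collapsed."""
    return os.path.normpath(os.path.join(DOC_ROOT, path_param))


def resolve_within_root(path_param: str, root: str = DOC_ROOT) -> Optional[str]:
    """Hardened form: return the canonical target only if it lies strictly inside
    root, otherwise None. Assumes the web framework has URL-decoded the value once."""
    candidate = path_param.replace("\\", "/")            # treat Windows separators as separators
    if "\x00" in candidate or candidate.startswith("/"):  # NUL truncation, absolute paths
        return None
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, candidate))  # collapses ".." and symlinks
    # The root itself is never a valid document to delete, so require a strict prefix.
    if target == root_real or not target.startswith(root_real + os.sep):
        return None
    return target


TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")  # a ".." path segment after separator normalisation
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/')  # request line of a common-format log


def is_traversal_attempt(url: str) -> bool:
    """True if a request targets /Doc/deleteDoc.do with a "path" value that escapes
    upward. parse_qs decodes once; the extra unquote also catches double-encoded
    sequences such as %252e%252e%252f."""
    parts = urlsplit(url)
    if parts.path != "/Doc/deleteDoc.do":
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        decoded = unquote(value).replace("\\", "/")
        if decoded.startswith("/") or TRAVERSAL_RE.search(decoded):
            return True
    return False


def flag_traversal_requests(log_text: str) -> List[str]:
    """Return the access-log lines carrying a traversal attempt against the endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_traversal_attempt(m.group(1)):
            hits.append(line)
    return hits


# Constructed sample lines in Apache/Tomcat common log format; not real DocSys logs.
# /Doc/otherAction.do is a hypothetical endpoint used only to show the scoping.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Oct/2025:10:01:02 +0000] "POST /Doc/deleteDoc.do?path=reports/q3.pdf HTTP/1.1" 200 51
10.0.0.9 - bob [12/Oct/2025:10:01:07 +0000] "POST /Doc/deleteDoc.do?path=../../../etc/passwd HTTP/1.1" 200 51
10.0.0.9 - bob [12/Oct/2025:10:01:09 +0000] "POST /Doc/deleteDoc.do?path=%2e%2e%2f%2e%2e%2fconf%2fserver.xml HTTP/1.1" 200 51
10.0.0.7 - carol [12/Oct/2025:10:02:00 +0000] "GET /Doc/otherAction.do?path=../x HTTP/1.1" 200 10
"""

if __name__ == "__main__":
    print("naive target:   ", naive_delete_target("../../../etc/passwd"))
    print("hardened target:", resolve_within_root("../../../etc/passwd"))
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("ALERT:", hit)
```

The containment check canonicalises before comparing, so "sub/../ok.txt" is accepted (it resolves inside the root) while "../../../etc/passwd", an absolute path, a backslash variant or a NUL byte are all rejected. The detector is deliberately scoped to the endpoint named in the advisory; widening it to every .do handler that takes a "path" value is a one-line change to the path comparison.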
Details
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
Affected Products
- RainyGao DocSys, versions up to 2.02.36
MITRE ATT&CK Enterprise Techniques
- T1190 (Exploit Public-Facing Application)
- T1070.004 (Indicator Removal: File Deletion)
Why these techniques?
The path traversal in /Doc/deleteDoc.do is reached through a public-facing web application (T1190), and because the endpoint's function is deleting documents, the effect of escaping the document store is remote deletion of files outside it (T1070.004, Indicator Removal: File Deletion). That is why the advisory records integrity and availability impacts rather than a confidentiality impact.