CVE-2025-1336
Published: 16 February 2025
Description
Adversaries may delete files left behind by the actions of their intrusion activity.
Security Summary
CVE-2025-1336 is a path traversal vulnerability (CWE-22) affecting CmsEasy version 7.7.7.9. The issue resides in the deleteimg_action function within the library file lib/admin/image_admin.php, where the imgname argument can be manipulated to traverse directories outside the intended path. This vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N), classifying it as medium severity with low confidentiality impact and no impact on integrity or availability.
The vulnerability can be exploited remotely by an authenticated attacker with low privileges (PR:L), requiring only network access and low attack complexity. Successful exploitation allows the attacker to read arbitrary files on the server by leveraging the path traversal in the imgname parameter, potentially exposing sensitive configuration data, source code, or other files outside the web root.
Advisories from VulDB and a public GitHub disclosure detail the vulnerability, including a proof-of-concept exploit. The vendor was notified early but has not responded or issued a patch. Security practitioners should restrict access to the affected admin functionality, implement input validation and sanitization for file paths, and monitor for exploitation attempts using the disclosed PoC.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal vulnerability in public-facing CMS enables exploitation (T1190) and arbitrary file deletion for indicator removal (T1070.004).