CVE-2025-23011
Published: 23 January 2025
Description
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
Security Summary
CVE-2025-23011 is a path traversal vulnerability, referred to as "Zip Slip," affecting Fedora Repository version 3.8.1. The flaw exists in the component responsible for extracting uploaded archives, enabling files to be written to arbitrary locations outside the intended extraction directory.
A remote, authenticated attacker can exploit this vulnerability by uploading a specially crafted archive. Upon extraction, the archive can place an arbitrary JSP file in a location executable via an unauthenticated GET request, potentially allowing remote code execution. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-23.
Fedora Repository 3.8.1, released on 2015-06-11, is no longer maintained, and mitigation requires migrating to a currently supported version such as 6.5.1 as of 2025-01-23. Advisories and resources include migration utilities at https://github.com/fcrepo-exts/migration-utils, release notes at https://github.com/fcrepo/fcrepo/releases, and the CSAF document at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-021-01.json.
Details
- CWE(s)