Cyber Posture

CVE-2025-65897

High

Published: 05 December 2025

Published
05 December 2025
Modified
12 December 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0027 50.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing…

more

files and leading to privilege escalation or remote code execution.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly requires validation of file upload paths to block path traversal attacks enabling arbitrary file writes.

AC-3 Access Enforcement good match
prevent

Enforces logical access controls to restrict authenticated users from writing files outside authorized directories on the server.

AC-6 Least Privilege partial match
prevent

Applies least privilege to the application process, limiting damage from arbitrary file overwrites by restricting write access to sensitive locations.

Security SummaryAI

CVE-2025-65897 affects zdh_web, an open-source data collection, processing, monitoring, scheduling, and management platform, through version 5.6.17. The vulnerability stems from insufficient validation of file upload paths in the application, enabling authenticated users to write arbitrary files to the server file system. This issue, associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-434 (Comparison of Classes by Name), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for confidentiality, integrity, and availability impacts.

An attacker with low-privilege authenticated access (PR:L) can exploit this over the network (AV:N) with low complexity and no user interaction required. By crafting malicious file upload paths, they can place files in arbitrary locations on the server, overwriting critical system files. This may lead to privilege escalation by modifying configuration files or executables, or remote code execution if suitable files like scripts or binaries are overwritten or uploaded.

Mitigation details are available in the project's GitHub repository at https://github.com/zhaoyachao/zdh_web. A fix appears in commit b2423378a8bf83f159f19ce4e14eac71c939793a, with related discussion in issue #40 and pull request #39, recommending upgrade to a patched version beyond 5.6.17.

Details

CWE(s)
CWE-22CWE-434

Affected Products

zhaoyachao
zdh web
≤ 5.6.17

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
attack.mitre.org →
Why these techniques?

Arbitrary file write via path traversal enables exploitation of remote services (T1210), privilege escalation by overwriting critical files/executables (T1068), and RCE via uploaded web shells or scripts (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References