CVE-2020-25247

7.5 HIGH

📋 TL;DR

This CVE describes a directory traversal vulnerability in Hyland OnBase that allows attackers to write files to arbitrary locations on the server. Attackers can exploit this by manipulating the FileName parameter to traverse directories and write malicious files. This affects OnBase versions through 18.0.0.32 and 19.x through 19.8.9.1000.

💻 Affected Systems

Products:
  • Hyland OnBase
Versions: Through 18.0.0.32 and 19.x through 19.8.9.1000
Operating Systems: Windows (primary deployment platform)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments with vulnerable versions regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary file write leading to remote code execution, data exfiltration, or system destruction.

🟠 Likely Case: Unauthorized file creation/modification leading to data corruption, privilege escalation, or persistence mechanisms.

🟢 If Mitigated: Limited impact with proper file system permissions, input validation, and network segmentation in place.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can exploit it directly without internal access.
🏢 Internal Only: MEDIUM - Still a significant risk from insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are typically easy to exploit with basic HTTP parameter manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 18.0.0.32 and 19.8.9.1000

Vendor Advisory: https://www.hyland.com/en/security-advisories

Restart Required: Yes

Instructions:

1. Contact Hyland support for appropriate patches.
2. Apply patches to all affected OnBase servers.
3. Restart OnBase services.
4. Test functionality after patching.

🔧 Temporary Workarounds

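Input Validation Filter (all platforms)

Implement a web application firewall or input validation to block directory traversal patterns.

WAF rule: block requests containing '../' or '..\' in the FileName parameter

File System Permissions (Windows)

Restrict write permissions to OnBase application directories only.

Windows: icacls "C:\Program Files\OnBase" /deny "Everyone":(OI)(CI)W

This deny entry applies to every account, including the one the OnBase services run as, so confirm the application does not need to write under this path before applying it.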

🧯 If You Can't Patch

  • Network segmentation: Isolate OnBase servers from the internet and restrict internal access
  • Implement strict file system permissions and monitor for unauthorized file writes

🔍 How to Verify

Check if Vulnerable:

Check OnBase version via administration console or registry: HKEY_LOCAL_MACHINE\SOFTWARE\OnBase\Version

Check Version:

reg query "HKLM\SOFTWARE\OnBase" /v Version

Verify Fix Applied:

Verify that the version is above the vulnerable ranges and that a request with a traversal sequence in the FileName parameter returns an error.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with '../' or '..\' in FileName parameter
  • Unexpected file creation in system directories

Network Indicators:

  • HTTP POST/PUT requests to OnBase endpoints with path traversal patterns

SIEM Query:

source="onbase.log" AND (FileName="*../*" OR FileName="*..\\*")
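
An added example (not part of the original page or any Hyland tooling): a log check that percent-decodes the FileName value and unifies path separators before looking for '..' segments, so encoded forms that the literal SIEM pattern above would not match are still flagged. It assumes the parameter is logged in the request URL of a common access-log format; the sample lines and the /app/upload path are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not real OnBase logs); /app/upload is a placeholder path.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "POST /app/upload?FileName=invoice.pdf HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2021:10:00:05 +0000] "POST /app/upload?FileName=..%2F..%2Fout%2Ftest.txt HTTP/1.1" 200 0',
    '10.0.0.9 - - [01/Jan/2021:10:00:07 +0000] "PUT /app/upload?filename=%2e%2e%5c%2e%2e%5cout%5ctest.txt HTTP/1.1" 200 0',
    '10.0.0.9 - - [01/Jan/2021:10:00:09 +0000] "POST /app/upload?FileName=%252e%252e%252fout%252ftest.txt HTTP/1.1" 200 0',
    '10.0.0.5 - - [01/Jan/2021:10:01:00 +0000] "POST /app/upload?FileName=notes..v2.txt HTTP/1.1" 200 300',
    '10.0.0.5 - - [01/Jan/2021:10:02:00 +0000] "GET /app/status HTTP/1.1" 200 12',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')

def normalize(value, max_rounds=3):
    """Percent-decode until stable (bounded) and map backslashes to forward slashes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def has_traversal(filename):
    """True when any path segment of the normalized name is exactly '..'."""
    return any(segment == ".." for segment in normalize(filename).split("/"))

def filename_values(url):
    """Return every FileName query value; the key is matched case-insensitively."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [value for key, value in pairs if key.lower() == "filename"]

def suspicious_lines(lines):
    """Return (line number, HTTP method, normalized FileName) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for value in filename_values(match.group("url")):
            if has_traversal(value):
                hits.append((number, match.group("method"), normalize(value)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

Matching on whole '..' segments rather than the substring keeps a name such as notes..v2.txt from raising an alert.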
