CVE-2021-25877

CVSS Score: 7.2 HIGH

📋 TL;DR

CVE-2021-25877 is an insecure file write vulnerability in AVideo/YouPHPTube that lets an authenticated administrator write arbitrary files to the server filesystem, because the flag and code parameters handled by save.php are not properly sanitized. It affects versions 10.0 and prior. An attacker holding admin credentials can write a PHP file into a web-served directory and thereby achieve remote code execution as the web server user.

💻 Affected Systems

Products:
  • AVideo
  • YouPHPTube
Versions: 10.0 and prior
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator-level access to exploit. Default installations with default admin credentials are particularly vulnerable.

📦 What is this software?

AVideo (formerly YouPHPTube) is an open-source, self-hosted video-sharing platform written in PHP. Administrators manage the site, its plugins and its uploaded media through a web-based admin panel, which is where the vulnerable save.php handler is reached.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.

🟠 Likely Case

Webshell deployment leading to persistent access, data exfiltration, or service disruption.

🟢 If Mitigated

Limited impact if admin accounts are tightly controlled and the PHP process cannot write to directories from which it serves code, so that a written file cannot be executed.

🌐 Internet-Facing: HIGH - Web applications exposed to the internet are directly accessible to attackers who obtain admin credentials.
🏢 Internal Only: MEDIUM - Internal systems still vulnerable if admin credentials are compromised through phishing or other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once obtained. Public proof-of-concept details are available in the Synacktiv report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 10.0

Vendor Advisory: http://avideoyouphptube.com

Restart Required: No

Instructions:

1. Upgrade AVideo/YouPHPTube to a version newer than 10.0.
2. Apply any further security patches published by the vendor.
3. Confirm that the deployed save.php validates and sanitizes the flag and code parameters before any file is written.

🔧 Temporary Workarounds

Restrict admin access

Platform: all

Limit administrator accounts to trusted users only, change any default admin password, and require strong authentication (MFA where available) for the admin panel. Because the exploit needs an admin session, this control directly reduces who can trigger the write.

File system permissions hardening

Platform: linux

Make the application code unwritable by the web server account and keep only the directories the application must write to (uploads, cache) writable by it. Serve those writable directories with PHP execution disabled (for example `php_admin_flag engine off` for that directory under Apache mod_php, or an nginx location for it that does not pass .php files to PHP-FPM), so that a file dropped there cannot run. This only narrows the flaw: the write still succeeds in any directory the PHP process can reach, so it is a partial mitigation, not a fix. The owner account name `deploy` and the `videos` upload directory below are assumptions; substitute your own.

chown -R deploy:www-data /var/www/html          # code owned by a non-web user (deploy: assumed name)
find /var/www/html -type d -exec chmod 750 {} \;  # web server may read/traverse, not write
find /var/www/html -type f -exec chmod 640 {} \;
chmod -R g+w /var/www/html/videos                 # only the upload directory stays web-writable

🧯 If You Can't Patch

  • Implement network segmentation to isolate AVideo/YouPHPTube instances from critical systems, and restrict the admin panel to trusted source addresses.
  • Deploy web application firewall (WAF) rules for requests to save.php. The requests come from an authenticated administrator, so blocking the endpoint outright breaks legitimate admin use; key the rule on request content instead (directory traversal sequences or PHP open tags in the flag and code parameters), which requires the WAF to inspect the POST body.

🔍 How to Verify

Check if Vulnerable:

Check if running AVideo/YouPHPTube version 10.0 or earlier. Review save.php file for lack of proper input validation on flag and code parameters.

Check Version:

Check configuration files or admin panel for version information, typically in config.php or similar.

Verify Fix Applied:

Confirm version is newer than 10.0. Verify save.php includes proper input validation and file path sanitization.

📡 Detection & Monitoring

Log Indicators:

  • New or modified PHP files under the web root, especially in upload or cache directories (file integrity monitoring or auditd write watches; the web server access log itself does not record file writes)
  • Repeated POST requests to save.php from a single client, particularly with automation user agents
  • Administrator login from unexpected IP addresses
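The filesystem side of the indicators above, as an added example that is not part of the original page or of AVideo's own tooling: it walks a web root and reports PHP files in a media-only upload directory, PHP open tags hidden in files with media extensions, and application code modified after the last known deployment. The `videos/` upload directory and the temporary sample tree it builds are assumptions constructed for the demonstration; point `scan_webroot` at a real web root and your own upload directories to use it.

```python
"""Web-root scan for the file-write / webshell pattern described above.

Added example, not AVideo code. Assumptions: the upload directory is videos/
(adjust to your layout) and you know when the last legitimate deployment
finished (the baseline timestamp).
"""
import os
import re
import tempfile
import time
from pathlib import Path

PHP_EXT = {".php", ".phtml", ".php5", ".phar"}
PHP_TAG = re.compile(rb"<\?php|<\?=")   # PHP open tags; catches shells disguised as media


def scan_webroot(root, upload_dirs, baseline_ts):
    """Return sorted (reason, relative_path) findings for a web root.

    upload_dirs: directories (relative to root) that must only hold media.
    baseline_ts: epoch seconds when the last legitimate deployment finished.
    """
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        in_upload = any(rel.startswith(d.rstrip("/") + "/") for d in upload_dirs)
        if in_upload and ext in PHP_EXT:
            # Rule 1: executable PHP where only media belongs.
            findings.append(("php_in_upload_dir", rel))
        elif in_upload and PHP_TAG.search(path.read_bytes()[:4096]):
            # Rule 2: PHP open tag in a "media" file (polyglot / renamed shell).
            # Only the first 4 KiB are inspected; a shell buried deeper needs a full read.
            findings.append(("php_tag_in_media_file", rel))
        elif ext in PHP_EXT and path.stat().st_mtime > baseline_ts:
            # Rule 3: application code changed after the last known deployment.
            findings.append(("php_modified_after_baseline", rel))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample web root (temporary directory), returned with its baseline."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    baseline = time.time() - 3600            # last deployment: one hour ago
    before = baseline - 60
    sample = {
        "index.php": b"<?php echo 'app'; ?>",                          # legitimate, untouched
        "objects/save.php": b"<?php /* rewritten by an attacker */",   # changed after baseline
        "videos/cache/x.php": b"<?php system($_GET['c']); ?>",         # dropped webshell
        "videos/thumb.jpg": b"\xff\xd8\xff<?php eval($_POST['p']); ?>",  # polyglot image
        "videos/clip.mp4": b"\x00\x00\x00\x18ftypmp42",                # harmless upload
    }
    for rel, content in sample.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        if rel != "objects/save.php":
            os.utime(p, (before, before))    # everything but save.php predates the baseline
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_sample_tree()
    for reason, rel in scan_webroot(root, ["videos"], baseline):
        print(f"{reason:32} {rel}")
```

Run it from cron against a baseline recorded at deploy time; rule 3 will also fire on legitimate hotfixes, so pair it with your change records rather than treating every hit as an incident.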

Network Indicators:

  • HTTP POST requests to a URL ending in /save.php. The flag and code parameters travel in the request body, so they are visible only at a TLS-terminating proxy or WAF, not in standard access logs.
  • Unusual outbound connections from the web server (reverse shell or tooling download after a webshell lands)

SIEM Query:

source="web_logs" AND method="POST" AND uri="*/save.php*"

Add `AND (param="flag" OR param="code")` only where your proxy or WAF logs request parameters; plain web server access logs do not contain POST parameters, so a query that requires them will silently match nothing.
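The same detection as the SIEM query, run over access-log lines, as an added example that is not part of the original page or of AVideo. It parses Apache/nginx combined-format lines (method and URL, but no POST body, so the flag/code parameters are only caught when they appear in the query string), alerts on POSTs to save.php, counts repeats per client, and flags the follow-through of the write: the same client executing PHP from an upload directory. The sample log lines, the /app/save.php path and the /videos/ prefix are constructed for the demonstration.

```python
"""Access-log detection for the save.php indicators listed above.

Added example, not AVideo code. Combined-format lines carry the method and
URL but not the POST body, so flag/code are only visible in the query string.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
PARAM_RE = re.compile(r"(^|&)(flag|code)=")

# Constructed sample; the paths are placeholders, not AVideo's real layout.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2021:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - admin [12/Jan/2021:10:02:10 +0000] "POST /app/save.php HTTP/1.1" 200 43 "-" "python-requests/2.25.1"
203.0.113.9 - admin [12/Jan/2021:10:02:11 +0000] "POST /app/save.php HTTP/1.1" 200 43 "-" "python-requests/2.25.1"
203.0.113.9 - - [12/Jan/2021:10:02:15 +0000] "GET /videos/cache/x.php?c=id HTTP/1.1" 200 87 "-" "python-requests/2.25.1"
10.0.0.7 - - [12/Jan/2021:10:05:00 +0000] "GET /app/save.php?flag=x&code=y HTTP/1.1" 405 0 "-" "curl/7.68.0"
"""


def parse_line(line):
    """Split one combined-format line into fields; None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"], _, rec["query"] = rec["target"].partition("?")
    return rec


def detect(lines, upload_prefixes=("/videos/",), repeat_threshold=2):
    """Return (rule, client_ip, detail) alerts in the order they fire."""
    alerts = []
    posts_per_ip = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        to_save = rec["path"].endswith("/save.php")
        if to_save and rec["method"] == "POST":
            posts_per_ip[rec["ip"]] += 1
            alerts.append(("post_save_php", rec["ip"], rec["ts"]))
        if to_save and PARAM_RE.search(rec["query"]):
            # Parameters leaked into the URL: the only place an access log shows them.
            alerts.append(("save_php_params_in_url", rec["ip"], rec["ts"]))
        if (rec["path"].endswith(".php") and rec["path"].startswith(upload_prefixes)
                and rec["ip"] in posts_per_ip):
            # A client that just hit save.php now runs PHP from an upload directory:
            # the write-then-webshell pattern this CVE enables.
            alerts.append(("php_executed_from_upload_dir_after_save", rec["ip"], rec["ts"]))
    for ip, n in posts_per_ip.items():
        if n >= repeat_threshold:
            alerts.append(("repeated_save_php_posts", ip, f"count={n}"))
    return alerts


def run_demo():
    """Run the rules over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        print(*alert)
```

Legitimate admins also POST to save.php, so treat `post_save_php` alone as context and page on `php_executed_from_upload_dir_after_save` or on repeats from automation user agents.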
