CVE-2024-25006

8.1 HIGH

📋 TL;DR

An authenticated XenForo administrator who holds the 'Admin styles' permission can import a crafted style ZIP archive whose entry names contain directory traversal sequences (such as ../). Before 2.2.14 the importer extracts such entries outside the intended style directory, giving an arbitrary file write on the server, which in a PHP application can be turned into remote code execution (for example by writing a PHP file into a web-accessible directory). Every installation before 2.2.14 contains the flaw; exploiting it requires an account with style administration permission, which limits the attacker pool but not the impact.
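The mechanism described above, shown generically as an added example (this is not XenForo's importer code and makes no claim about its internals): a ZIP whose entry name contains ../ is written outside the extraction directory by an extractor that simply joins the entry name onto the target path, while a hardened extractor rejects the archive up front and re-checks every resolved path. The archive contents, entry names and temporary directory layout are constructed for the demo.

```python
# Added example (not XenForo's code): the ZIP directory traversal pattern behind
# CVE-2024-25006, shown generically, next to a hardened extractor. Archive
# contents, file names and the temp directory layout are constructed here.
import io
import os
import posixpath
import tempfile
import zipfile


def build_archive(entries):
    """Build an in-memory ZIP from {entry_name: bytes}. Names are written
    verbatim, so '../evil.php' survives exactly as an attacker would craft it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def naive_extract(zip_bytes, dest):
    """Vulnerable pattern: trust the entry name and join it onto the style
    directory. '../' components walk out of dest. Returns absolute paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)   # no containment check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.abspath(target))
    return written


def unsafe_entries(zip_bytes):
    """Pre-check: names that are absolute, drive-qualified, or contain a '..'
    path component (after normalising backslashes, which Windows unpackers honour)."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            norm = name.replace("\\", "/")
            if posixpath.isabs(norm) or os.path.splitdrive(norm)[0] or ".." in norm.split("/"):
                bad.append(name)
    return bad


def safe_extract(zip_bytes, dest):
    """Hardened extractor: refuse the whole archive if any entry is unsafe, then
    re-check that each resolved target stays under dest (defence in depth; realpath
    also catches escapes through symlinks that already exist under dest)."""
    bad = unsafe_entries(zip_bytes)
    if bad:
        raise ValueError(f"refusing archive with traversal entries: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename.replace("\\", "/")))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes extraction root: {info.filename!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demo():
    """Run both extractors inside a throwaway temp tree. Returns the paths the naive
    extractor wrote outside styles/, the entries the pre-check flags, whether the
    hardened extractor refused the crafted archive, and how many files it wrote
    from a clean one."""
    crafted = build_archive({
        "style.xml": b'<style title="Legit"/>',                      # benign entry
        "../evil.php": b"<?php /* attacker-controlled content */ ?>",  # escapes styles/
    })
    root = tempfile.mkdtemp(prefix="xf-demo-")
    styles = os.path.join(root, "styles")
    os.makedirs(styles)
    written = naive_extract(crafted, styles)
    escaped = [p for p in written if not p.startswith(os.path.abspath(styles) + os.sep)]
    try:
        safe_extract(crafted, styles)
        blocked = False
    except ValueError:
        blocked = True
    clean = build_archive({"style.xml": b"<style/>", "templates/page.html": b"<html/>"})
    kept = safe_extract(clean, styles)
    return {"escaped": escaped, "flagged": unsafe_entries(crafted),
            "blocked": blocked, "kept": len(kept)}


if __name__ == "__main__":
    print(demo())
```

The pre-check and the realpath containment test are deliberately both present: the first gives a clear rejection message before anything is written, the second guards against escapes the name check cannot see (a symlink already under the destination, a platform-specific path quirk).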

💻 Affected Systems

Products:
  • XenForo
Versions: All versions before 2.2.14
Operating Systems: All platforms running XenForo
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with 'Admin styles' permission enabled.

📦 What is this software?

XenForo is a commercial forum platform written in PHP on a MySQL/MariaDB backend. Styles (themes) are managed from the Admin Control Panel and can be imported from ZIP archives; that import path is where this flaw lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or website defacement.

🟠

Likely Case

Unauthorized file writes allowing modification of configuration files, installation of backdoors, or data manipulation.

🟢

If Mitigated

Limited to authenticated administrators with specific permissions, reducing attack surface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid admin credentials with style permissions and knowledge of directory structure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.2.14

Vendor Advisory: https://xenforo.com/community/threads/xenforo-2-2-14-released.219044/

Restart Required: No

Instructions:

1. Back up your XenForo files and database.
2. Download XenForo 2.2.14 (or later) from the official customer area.
3. Upload the contents of the package's upload/ directory to your server, overwriting the existing files.
4. Run the upgrade by visiting /install/ in your browser and following the prompts.

🔧 Temporary Workarounds

Disable style import functionality

Applies to: all affected versions

Remove the style management permission from all administrators; there is no separate switch for import alone, so removing style administration is what closes the import route.

Navigate to Admin CP > Users > Administrators, edit each administrator and uncheck the style management permission ('Admin styles'). Super administrators listed in src/config.php ($config['superAdmins']) bypass administrator permission checks entirely, so keep that list to the minimum while unpatched.

🧯 If You Can't Patch

  • Restrict style administration permissions to only essential trusted administrators
  • Implement file integrity monitoring on XenForo directories to detect unauthorized file writes
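The file integrity monitoring suggested above, as an added example that is not part of this advisory or of XenForo: snapshot the web root before and after a style import, diff the two, and flag any write that lands outside the trees an import should touch, plus any new or changed PHP file anywhere. The directory layout, file contents and the EXPECTED_WRITABLE list are constructed for the demo and should be tuned to your deployment.

```python
# Added example (not from the advisory or XenForo): a minimal file-integrity
# baseline and diff for a XenForo web root. Layout and contents are constructed.
import hashlib
import os
import tempfile

# Trees a style import legitimately writes into (assumption; adjust per install).
EXPECTED_WRITABLE = ("data/", "internal_data/", "styles/")


def snapshot(root):
    """Map relative path -> sha256 for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            result[rel] = h.hexdigest()
    return result


def diff_snapshots(before, after):
    """Classify changes between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def suspicious(changes):
    """Writes outside EXPECTED_WRITABLE, or any new/changed .php file anywhere,
    are the traversal indicators worth alerting on after a style import."""
    flagged = []
    for kind in ("added", "modified"):
        for p in changes[kind]:
            if not p.startswith(EXPECTED_WRITABLE) or p.endswith(".php"):
                flagged.append((kind, p))
    return flagged


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed web root: a baseline, then a style import that also tampers
    with src/config.php and drops a PHP file into the web root."""
    root = tempfile.mkdtemp(prefix="xf-fim-")
    _write(root, "src/XF.php", b"<?php class XF {}")
    _write(root, "src/config.php", b"<?php $config = [];")
    _write(root, "styles/default/style.xml", b"<style/>")
    before = snapshot(root)
    _write(root, "styles/newstyle/style.xml", b"<style/>")        # legitimate
    _write(root, "styles/newstyle/img/logo.png", b"\x89PNG")       # legitimate
    _write(root, "src/config.php", b"<?php $config = ['tampered' => true];")  # outside styles/
    _write(root, "uploaded.php", b"<?php /* dropped file */ ?>")   # new PHP in web root
    after = snapshot(root)
    return suspicious(diff_snapshots(before, after))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:9} {path}")
```

Store the baseline somewhere the web server user cannot write, and re-baseline only after a deliberate, reviewed change; otherwise an attacker who already has the file write can quietly update the reference.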

🔍 How to Verify

Check if Vulnerable:

Open the Admin Control Panel; the installed XenForo version is shown on the dashboard. Any version earlier than 2.2.14 is vulnerable.

Check Version:

Check the Admin Control Panel dashboard, or on the server inspect src/XF.php, which declares the installed version in its $version and $versionId properties (for example, grep '\$version' src/XF.php). Note that src/config.php holds only database and site configuration, not the version.

Verify Fix Applied:

Confirm version is 2.2.14 or later in Admin Control Panel
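A scripted version of the check above, added here and not part of the advisory or of XenForo: parse the $version declaration from src/XF.php and compare it against the fixed release. It assumes the `public static $version = 'X.Y.Z';` form used in XenForo 2.x's src/XF.php; SAMPLE_XF_PHP is a constructed stand-in for that file.

```python
# Added example (not from the advisory or XenForo): read the version declared in
# src/XF.php and decide whether CVE-2024-25006 applies. SAMPLE_XF_PHP is constructed.
import os
import re

FIXED_VERSION = (2, 2, 14)   # CVE-2024-25006 is fixed in 2.2.14
VERSION_RE = re.compile(r"""\$version\s*=\s*['"](\d+)\.(\d+)\.(\d+)""")

# Stand-in for the relevant lines of src/XF.php on a vulnerable install.
SAMPLE_XF_PHP = """<?php
class XF
{
    public static $version = '2.2.13';
"""


def parse_version(source):
    """Return (major, minor, patch) from XF.php contents, or None if not found."""
    m = VERSION_RE.search(source)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(version):
    """True for every release before 2.2.14; unknown versions are not claimed either way."""
    return version is not None and version < FIXED_VERSION


def check_install(root):
    """Read <root>/src/XF.php of a live install and report version and status."""
    path = os.path.join(root, "src", "XF.php")
    with open(path, encoding="utf-8") as fh:
        version = parse_version(fh.read())
    return {"version": version, "vulnerable": is_vulnerable(version)}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check_install(sys.argv[1]))
    else:
        v = parse_version(SAMPLE_XF_PHP)
        print({"version": v, "vulnerable": is_vulnerable(v)})
```

Run it against the web root of each install you manage; a None version means the file did not match the expected form and the install should be checked by hand rather than assumed safe.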

📡 Detection & Monitoring

Log Indicators:

  • Unusual ZIP file uploads via style import
  • File write operations outside expected style directories (visible through file integrity monitoring, not XenForo's own logs)
  • Admin users performing unexpected style imports; XenForo's built-in Admin log (Admin CP > Logs > Admin log) records administrator requests, including the styles/import route, with the acting user and IP

Network Indicators:

  • POST requests to /admin.php?styles/import containing ZIP files
  • Unusual file upload patterns from admin accounts

SIEM Query (illustrative; XenForo does not ship a log source of this shape, and the traversal sequence lives inside the uploaded archive rather than in any request URL, so the path clause only matches if your file-integrity or extraction tooling emits the written path):

source="xenforo_logs" AND (event="style_import" OR event="file_upload") AND (path="../" OR path="..\\")
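The network indicators above applied to web-server access logs, as an added example that is not from the advisory: the style import POST is what the access log actually shows, so the query below works from combined-format lines and adds one correlation a practitioner would want, a request to a previously unknown .php path from an IP that has already posted an import. SAMPLE_LOG, its IPs, timestamps and paths are constructed; KNOWN_PHP is an assumption to tune per deployment.

```python
# Added example (not from the advisory): the network indicators applied to
# Apache/nginx combined-format access logs. SAMPLE_LOG is constructed; KNOWN_PHP
# is an assumption about which PHP entry points a stock install serves.
import re
from collections import Counter

# ip ident user [ts] "METHOD path PROTO" status size ... (referer/agent ignored)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Admin CP style import route, with or without trailing parameters.
IMPORT_RE = re.compile(r'^/admin\.php\?styles/import(?:$|[&/])')
# PHP entry points a stock XenForo install serves (assumption).
KNOWN_PHP = {"/index.php", "/admin.php", "/js.php", "/css.php", "/install/index.php"}

SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/Jan/2024:12:00:07 +0000] "GET /admin.php?styles/import HTTP/1.1" 200 8192
203.0.113.5 - - [10/Jan/2024:12:00:20 +0000] "POST /admin.php?styles/import HTTP/1.1" 303 0
198.51.100.77 - - [10/Jan/2024:03:14:00 +0000] "POST /admin.php?styles/import HTTP/1.1" 303 0
198.51.100.77 - - [10/Jan/2024:03:14:05 +0000] "POST /admin.php?styles/import HTTP/1.1" 303 0
198.51.100.77 - - [10/Jan/2024:03:14:09 +0000] "GET /unexpected.php?x=1 HTTP/1.1" 200 44
"""


def parse(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def style_import_posts(lines):
    """Every POST to the style import endpoint, in log order: (ip, ts, status)."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec and rec["method"] == "POST" and IMPORT_RE.match(rec["path"]):
            hits.append((rec["ip"], rec["ts"], rec["status"]))
    return hits


def posts_by_ip(lines):
    """Import POST counts per client address; a burst from one address is worth a look."""
    return dict(Counter(ip for ip, _ts, _status in style_import_posts(lines)))


def followup_php(lines):
    """Heuristic: a request to a .php path outside KNOWN_PHP from an address that
    has already POSTed a style import is how a dropped file would be reached."""
    importers, flagged = set(), []
    for line in lines:
        rec = parse(line)
        if not rec:
            continue
        if rec["method"] == "POST" and IMPORT_RE.match(rec["path"]):
            importers.add(rec["ip"])
            continue
        script = rec["path"].split("?", 1)[0]
        if rec["ip"] in importers and script.endswith(".php") and script not in KNOWN_PHP:
            flagged.append((rec["ip"], script))
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("import POSTs by IP:", posts_by_ip(lines))
    print("follow-up PHP requests:", followup_php(lines))
```

Pair the access-log hits with the Admin log entries for the same timestamps to get the acting administrator's account name, which the web server log does not carry.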

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-25006
  • Vendor release notes: https://xenforo.com/community/threads/xenforo-2-2-14-released.219044/
