CVE-2025-0461

4.3 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in Shanghai Lingdang Information Technology's Lingdang CRM software. Attackers can manipulate the 'pathfile' parameter to access files outside the intended directory. This affects all Lingdang CRM installations up to version 8.6.0.0.

💻 Affected Systems

Products:
  • Shanghai Lingdang Information Technology Lingdang CRM
Versions: up to 8.6.0.0
Operating Systems: Any OS running the affected software
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the endpoint /crm/weixinmp/index.php through the vulnerable 'pathfile' parameter

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive system files, configuration files, or application source code, potentially leading to credential theft, system compromise, or further exploitation.

🟠 Likely Case

Unauthorized file reading of application files, configuration files, or other accessible files within the web server context.

🟢 If Mitigated

Limited impact with proper file permissions and web server sandboxing, though information disclosure may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the referenced GitHub document. The vulnerability requires no authentication and has simple exploitation steps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider workarounds or alternative software.

🔧 Temporary Workarounds

Web Application Firewall Rule (platform: all)

Block or sanitize requests containing path traversal patterns in the pathfile parameter. WAF-specific configuration required.

Input Validation Filter (platform: all)

Add server-side validation to reject pathfile parameters containing '../' or absolute paths. Application-specific code modification required.
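The server-side filter described above, as an added example (not code from Lingdang CRM or the advisory): it unwinds percent-encoding before checking, treats backslashes as separators, rejects absolute paths and any '..' segment, and confirms the normalized path still lies under an allowed directory. The ALLOWED_BASE directory and the sample values are assumptions; the advisory does not name the application's real file directory.

```python
import posixpath
from urllib.parse import unquote

# Directory that 'pathfile' values may reference (assumed; the advisory does
# not state the application's real file directory).
ALLOWED_BASE = "/var/www/crm/weixinmp/files"


def resolve_pathfile(pathfile: str, base: str = ALLOWED_BASE):
    """Return the absolute path to serve, or None if the value must be rejected.

    Rejects empty values, NUL bytes, absolute paths (POSIX or drive-letter),
    any '..' segment, and anything that does not normalize to a location under
    `base`. Percent-encoding is unwound first so that encoded traversal
    sequences are judged the same way as literal ones.
    """
    decoded = pathfile
    for _ in range(3):  # unwind nested encodings; stop once the value is stable
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    decoded = decoded.replace("\\", "/")  # so '..\' is treated like '../'
    if not decoded or "\x00" in decoded:
        return None
    # Reject POSIX absolute paths and drive-letter prefixes such as 'C:/'.
    if posixpath.isabs(decoded) or ":" in decoded.split("/")[0]:
        return None
    # Strict policy: any '..' segment is refused, even one that stays in bounds.
    if any(seg == ".." for seg in decoded.split("/")):
        return None
    resolved = posixpath.normpath(posixpath.join(base, decoded))
    if resolved != base and not resolved.startswith(base.rstrip("/") + "/"):
        return None
    return resolved


def check_samples():
    """Constructed sample values mapped to whether the filter decided correctly."""
    samples = {
        "report.pdf": True, "sub/dir/file.txt": True,
        "../../config/db.php": False, "..\\..\\config\\db.php": False,
        "%2e%2e/%2e%2e/config/db.php": False, "%252e%252e/config/db.php": False,
        "/etc/passwd": False, "C:/windows/win.ini": False, "": False,
    }
    return {v: (resolve_pathfile(v) is not None) == ok for v, ok in samples.items()}


if __name__ == "__main__":
    for value, correct in check_samples().items():
        print(("OK   " if correct else "FAIL ") + repr(value))
```

The same decoding step matters for the WAF rule and SIEM query: a pattern that only looks for a literal '../' misses the percent-encoded form, so match on the decoded parameter value.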

🧯 If You Can't Patch

  • Restrict network access to the CRM application to trusted IPs only
  • Implement strict file system permissions to limit what files the web server can read

🔍 How to Verify

Check if Vulnerable:

Send a request to the vulnerable endpoint with a path traversal value in the pathfile parameter and check whether file contents are disclosed in the response

Check Version:

Check CRM version in application interface or configuration files

Verify Fix Applied:

Verify that path traversal attempts return error messages or are blocked rather than disclosing files

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /crm/weixinmp/index.php containing '../' or similar patterns in parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP requests with path traversal sequences in URL parameters

SIEM Query:

web.url:*crm/weixinmp/index.php* AND (web.query:*../* OR web.query:*..\*)
