CVE-2025-11631 – This CVE describes a path traversal vulnerabili... (How to Fix)

Q: What is the severity of CVE-2025-11631?

CVE-2025-11631 has a CVSS score of 5.4 (MEDIUM). This CVE describes a path traversal vulnerability in RainyGao DocSys up to version 2.02.36. Attackers can remotely manipulate the 'path' parameter in the /Doc/deleteDoc.do endpoint to delete arbitrary files on the server. Organizations running vulnerable versions of DocSys are affected.

📋 TL;DR

This CVE describes a path traversal vulnerability in RainyGao DocSys up to version 2.02.36. Attackers can remotely manipulate the 'path' parameter in the /Doc/deleteDoc.do endpoint to delete arbitrary files on the server. Organizations running vulnerable versions of DocSys are affected.

💻 Affected Systems

Products:

RainyGao DocSys

Versions: Up to and including 2.02.36

Operating Systems: All platforms running DocSys

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations up to version 2.02.36 are vulnerable. The vulnerability exists in the /Doc/deleteDoc.do endpoint.

📦 What is this software?

Docsys by Docsys Project

View all CVEs affecting Docsys →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical system files, leading to service disruption, data loss, or operating system instability.

🟠

Likely Case

Unauthorized deletion of application files, configuration files, or user documents, causing service disruption and data loss.

🟢

If Mitigated

Limited impact with proper file permissions and access controls preventing deletion of critical system files.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but may have additional network segmentation and access controls.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and has simple exploitation steps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider upgrading to any version above 2.02.36 if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement input validation to block path traversal sequences in the 'path' parameter

Implement server-side validation to reject paths containing '../', '..\', or absolute paths

Web Application Firewall Rule

all

Block requests to /Doc/deleteDoc.do containing path traversal patterns

WAF rule: Block requests where path parameter contains '../', '..\', or absolute path patterns

🧯 If You Can't Patch

Restrict network access to DocSys instances using firewall rules
Implement strict file system permissions to limit what files the DocSys process can delete

🔍 How to Verify

Check if Vulnerable:

Check if DocSys version is 2.02.36 or earlier and test if /Doc/deleteDoc.do endpoint accepts path traversal sequences

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Test that path traversal attempts to /Doc/deleteDoc.do are properly rejected

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /Doc/deleteDoc.do with unusual path parameters
File deletion events in system logs from DocSys process

Network Indicators:

HTTP POST requests to /Doc/deleteDoc.do with path traversal sequences in parameters

SIEM Query:

source="webserver" AND uri_path="/Doc/deleteDoc.do" AND (param_path CONTAINS "../" OR param_path CONTAINS "..\\")

📊 Metadata

CVE ID: CVE-2025-11631

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CWE: CWE-22

EPSS Score: 0.16% exploit probability (37.1th percentile)

Published: October 12, 2025

Last Updated: October 30, 2025

🔗 References

https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md Exploit
https://vuldb.com/?ctiid.328043 Permissions Required,VDB Entry
https://vuldb.com/?id.328043 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.664848 Third Party Advisory,VDB Entry
https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md Exploit

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11631, you might also want to check these: