CVE-2025-11913

4.3 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in Shenzhen Ruiming Technology's Streamax Crocus system version 1.3.40. Attackers can remotely exploit the Download function to access arbitrary files on the server by manipulating the Path parameter. Organizations using this specific version of the Streamax Crocus system are affected.

💻 Affected Systems

Products:
  • Shenzhen Ruiming Technology Streamax Crocus
Versions: 1.3.40
Operating Systems: Unknown - likely various Linux distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 1.3.40 of the Streamax Crocus system. The vulnerability is in the web interface's Download function.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through sensitive file disclosure (configuration files, credentials, system files) leading to further attacks or data exfiltration.

🟠 Likely Case

Unauthorized access to sensitive files containing configuration data, logs, or credentials that could enable lateral movement or privilege escalation.

🟢 If Mitigated

Limited file access restricted by proper input validation and file system permissions, preventing access to critical system files.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely, making internet-facing instances particularly vulnerable to external attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability to access sensitive files on the server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details have been publicly disclosed on GitHub. The vulnerability requires manipulation of the Path parameter in the Download function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Contact Shenzhen Ruiming Technology for updated version information and security patches.

🔧 Temporary Workarounds

Input Validation Filter


  • Implement input validation to reject path traversal sequences (../, ..\) in the Path parameter
  • Implement web application firewall rules to block requests containing path traversal patterns

Access Restriction


  • Restrict access to the vulnerable endpoint using network controls or authentication
  • Configure firewall rules to limit access to /Service.do?Action=Download from trusted sources only

🧯 If You Can't Patch

  • Implement network segmentation to isolate the vulnerable system from critical assets
  • Deploy a web application firewall (WAF) with rules to detect and block path traversal attempts

🔍 How to Verify

Check if Vulnerable:

Test if the /Service.do?Action=Download endpoint accepts path traversal sequences in the Path parameter (e.g., ../../../etc/passwd)

Check Version:

Check system documentation or web interface for version information (likely displayed in admin panel)

Verify Fix Applied:

Verify that path traversal attempts are rejected with proper error messages and no file access occurs

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /Service.do?Action=Download with suspicious Path parameters containing ../ patterns
  • Access to unexpected system files from web server process

Network Indicators:

  • Unusual file download patterns from the web server
  • Requests attempting directory traversal sequences

SIEM Query:

web.url:*Service.do?Action=Download* AND (web.param.Path:*../* OR web.param.Path:*..\*)
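A log-scanning equivalent of the SIEM query above, written as an added example rather than code from the advisory or the vendor. It goes slightly beyond the literal `../` match by also catching percent-encoded and double-encoded traversal forms. The combined-style log format and the sample lines are constructed.

```python
"""Scan web access logs for traversal attempts against the Download action.
Added example; log format, field names and sample lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines in combined-log style.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /Service.do?Action=Download&Path=reports/daily.csv HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /Service.do?Action=Download&Path=../../../etc/passwd HTTP/1.1" 200 1290
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /Service.do?Action=Download&Path=..%5C..%5Cconfig.ini HTTP/1.1" 200 88
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /Service.do?Action=Download&Path=%2e%2e%2f%2e%2e%2fetc/shadow HTTP/1.1" 403 0
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /Service.do?Action=Status HTTP/1.1" 200 40
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"\s+(?P<status>\d{3})')
# A ".." segment delimited by / or \ (or string start/end); "foo..bar" does not match.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def is_traversal(value: str) -> bool:
    """True if value contains ../ or ..\\ after up to two extra rounds of
    percent-decoding (parse_qs already decoded once, so %252e forms are caught)."""
    decoded = value
    for _ in range(2):
        if TRAVERSAL_RE.search(decoded):
            return True
        decoded = unquote(decoded)
    return bool(TRAVERSAL_RE.search(decoded))

def scan_log(text: str) -> list[dict]:
    """Return one hit per Download request whose Path parameter looks like traversal."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/Service.do"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)
        if qs.get("Action", [""])[0] != "Download":
            continue
        for path in qs.get("Path", []):
            if is_traversal(path):
                # status lets an analyst separate served (200) from blocked (403) attempts
                hits.append({"src": line.split()[0], "path": path,
                             "status": int(m.group("status"))})
    return hits
```

Hits with a 200 status are the ones worth triaging first, since they indicate the server served the requested file rather than rejecting it.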
