CVE-2025-12923

2.7 LOW

📋 TL;DR

ChestnutCMS up to version 1.5.8 has a path traversal flaw in the resourceDownload function behind the /dev-api/common/download endpoint: the path request parameter is used to locate the file to serve without being confined to the intended resource directory, so a remote attacker who can reach the endpoint can read arbitrary files that the web server process is allowed to open. The flaw is read-only; it does not by itself allow writing files or executing code, but the files it exposes (configuration, credentials, source) are frequently enough for a follow-on compromise.

💻 Affected Systems

Products:
  • liweiyi ChestnutCMS
Versions: up to 1.5.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable code is the resourceDownload function behind the /dev-api/common/download endpoint; the path request parameter is the injection point.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers read sensitive server files such as application configuration, database or service credentials, or source code. The traversal itself is read-only, but secrets recovered this way commonly enable further compromise of the database, the admin interface, or neighbouring services.

🟠 Likely Case

Unauthorized reading of application files, configuration data, and other sensitive information readable by the account the CMS runs as.

🟢 If Mitigated

Limited impact if the CMS runs as a low-privilege account with strict file permissions and the endpoint is access-controlled, though the vulnerability itself remains until the code is fixed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes (see note below)
Complexity: LOW

A public exploit is reported on GitHub, and the attack is a single GET request to a known endpoint with a crafted path parameter, so no special tooling is needed. Note the inconsistency with the 2.7 LOW score above: in CVSS 3.1, a network-reachable, low-complexity traversal with limited confidentiality impact and no user interaction scores 2.7 only when high privileges are required (PR:H); the same vector scores 4.3 with low privileges and 5.3 with none. Confirm against the original advisory whether the endpoint requires an authenticated session before treating this as an unauthenticated issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No patched release was identified at the time of writing. Watch the project's releases for a version later than 1.5.8 that references this issue and upgrade when one appears; until then, apply the workarounds below.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all platforms)

Do not rely on stripping the literal string "../" from the path parameter; attackers encode it (%2e%2e%2f, double encoding such as %252e%252e%252f, backslashes). Instead, percent-decode the value, reject null bytes and absolute paths, join it to the resource root, canonicalize the result, and refuse to serve anything whose canonical path does not lie inside the resource root.

Web Application Firewall Rule (applies to: all platforms)

Add WAF rules that block requests to /dev-api/common/download whose path parameter contains a ".." component or an absolute path after URL decoding (including a second decoding pass). Treat this as defense in depth only: a pattern blocklist can be bypassed by an encoding the rule does not normalize, so it does not replace a fix in the application.
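As an added example written for this page (not ChestnutCMS's own resourceDownload code), the following Python shows the naive join that makes traversal possible next to a containment check of the kind the workaround above calls for. It assumes downloadable files live under a single resource root (RESOURCE_ROOT is a made-up location) and that the request parameter is called path, as the advisory states. The check decodes repeatedly with a bound, normalizes backslashes, rejects null bytes and absolute paths, and only then compares the fully resolved path against the root.

```python
"""Containment check for a user-supplied download path (illustrative, added example)."""
from pathlib import Path, PurePosixPath
from urllib.parse import unquote

# Assumed location of the servable files; not taken from the advisory.
RESOURCE_ROOT = "/srv/chestnut/resources"


def vulnerable_resolve(root: str, user_path: str) -> str:
    """The pattern that makes traversal possible: join and trust the result.

    "../../../etc/passwd" joined to root still points outside root.
    """
    return str(Path(root) / user_path)


def percent_decode_fully(value: str, max_rounds: int = 3) -> str:
    """Decode %XX until stable so %252e%252e (double-encoded "..") is seen.

    Bounded so a hostile input cannot keep the loop busy indefinitely.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_resolve(root: str, user_path: str) -> Path:
    """Return the file to serve, or raise ValueError if the request escapes root.

    Order matters: decode, normalise separators, reject absolutes, then check
    containment on the *resolved* path. A blocklist of the literal "../" is
    not sufficient because the same component can be spelled many ways.
    """
    decoded = percent_decode_fully(user_path)
    if "\x00" in decoded:
        raise ValueError("null byte in path")
    # Treat backslashes as separators so "..\\..\\" cannot slip past a POSIX check.
    normalised = decoded.replace("\\", "/")
    if PurePosixPath(normalised).is_absolute():
        raise ValueError("absolute path not allowed")
    base = Path(root).resolve()
    candidate = (base / normalised).resolve()  # collapses ".." components
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes resource root: {user_path!r}") from None
    if candidate == base:
        raise ValueError("empty path")
    return candidate


def is_path_allowed(root: str, user_path: str) -> bool:
    """Boolean wrapper around safe_resolve for callers that only need a verdict."""
    try:
        safe_resolve(root, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for probe in ["images/logo.png", "../../../etc/passwd",
                  "%252e%252e%252fetc%252fpasswd", "..\\..\\etc\\passwd"]:
        print(f"{probe!r:40} naive={vulnerable_resolve(RESOURCE_ROOT, probe)!r} "
              f"allowed={is_path_allowed(RESOURCE_ROOT, probe)}")
```

The resolved-path comparison is what does the work: whatever spelling the attacker chooses, it either collapses to a location under the root or it does not. If the resource root can contain symlinks pointing outside it, resolve() follows them, so the check also catches a link that points at /etc; keep the root free of such links regardless.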

🧯 If You Can't Patch

  • Restrict access to the /dev-api/common/download endpoint using network controls (allow-list the sources that legitimately download resources) or put it behind authentication.
  • Run the CMS under a dedicated low-privilege account and restrict file system permissions so that account can read only what the application needs; the traversal can only disclose files that account can open.

🔍 How to Verify

Check if Vulnerable:

On a system you are authorized to test, send a GET request to /dev-api/common/download with the path parameter set to a traversal sequence (e.g., ../../../etc/passwd) and to encoded variants (%2e%2e%2f, ..%2f, %252e%252e%252f, ..\). An HTTP 200 response carrying the contents of the target file confirms the flaw. A 4xx response with no file content suggests the request was blocked, but test the encoded variants before concluding the endpoint is safe.

Check Version:

Check the CMS version in the admin panel or configuration files.

Verify Fix Applied:

Repeat the requests above, including the encoded variants, and confirm that every traversal attempt is rejected while a legitimate path under the resource directory is still served.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /dev-api/common/download whose path parameter contains a ".." component or an absolute path, in plain or URL-encoded form (../, ..\, %2e%2e%2f, ..%2f, %252e%252e%252f).
  • A 2xx response with a non-trivial body to such a request, which indicates the file was actually served; repeated attempts from one source with varying target files indicate enumeration.

Network Indicators:

  • HTTP requests to /dev-api/common/download with suspicious path values, especially from sources that have not otherwise used the CMS.

SIEM Query:

source="web_logs" AND uri_path="/dev-api/common/download" AND (uri_query="*../*" OR uri_query="*..\\*" OR uri_query="*%2e%2e%2f*" OR uri_query="*..%2f*" OR uri_query="*%2e%2e/*" OR uri_query="*%252e%252e*")

Literal patterns like these still miss mixed and double encodings. Where the SIEM can URL-decode the field, decode it (twice) before matching and alert on any decoded ".." path component rather than on specific spellings.
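As an added example (not from ChestnutCMS or any vendor), the following Python implements the log check described above over constructed access-log lines in common log format. It decodes the path parameter twice so mixed and double-encoded traversal is caught, which the literal SIEM patterns miss, and it distinguishes ".." usage that stays inside the resource root from requests that lexically escape it. The endpoint and parameter name come from the advisory; the IP addresses, timestamps, status codes and sizes are made up.

```python
"""Flag traversal attempts against /dev-api/common/download in access logs (added example)."""
import posixpath
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/dev-api/common/download"

# Constructed sample log lines in common log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2025:09:14:01 +0000] "GET /dev-api/common/download?path=images/logo.png HTTP/1.1" 200 18203
203.0.113.9 - - [10/Nov/2025:09:14:05 +0000] "GET /dev-api/common/download?path=../../../etc/passwd HTTP/1.1" 200 2913
203.0.113.9 - - [10/Nov/2025:09:14:06 +0000] "GET /dev-api/common/download?path=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 2913
203.0.113.9 - - [10/Nov/2025:09:14:07 +0000] "GET /dev-api/common/download?path=..%252f..%252fetc%252fpasswd HTTP/1.1" 403 0
203.0.113.9 - - [10/Nov/2025:09:14:08 +0000] "GET /dev-api/common/download?path=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 0
198.51.100.4 - - [10/Nov/2025:09:15:00 +0000] "GET /dev-api/system/user/list HTTP/1.1" 200 512
198.51.100.4 - - [10/Nov/2025:09:15:02 +0000] "GET /dev-api/common/download?path=docs/..%2fimages/banner.png HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_line(line: str) -> Optional[Dict]:
    """Return a finding for a suspicious download request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != TARGET_PATH:
        return None
    # parse_qs decodes once; decode_fully handles the second layer.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        decoded = decode_fully(raw).replace("\\", "/")
        has_dotdot = ".." in decoded.split("/")
        is_absolute = decoded.startswith("/")
        if not (has_dotdot or is_absolute):
            continue
        # Lexical check: does the path climb above the resource root?
        escapes_root = is_absolute or posixpath.normpath(decoded).startswith("..")
        size = int(m["size"]) if m["size"].isdigit() else 0
        return {
            "ip": m["ip"],
            "ts": m["ts"],
            "path_param": decoded,
            "status": int(m["status"]),
            "bytes": size,
            "escapes_root": escapes_root,
            # A 2xx with a body means the server most likely returned the file.
            "likely_success": m["status"].startswith("2") and size > 0,
        }
    return None


def scan_log(text: str) -> List[Dict]:
    """Run analyse_line over every line and keep the findings."""
    return [f for f in (analyse_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Triage on escapes_root and likely_success together: a request that climbs out of the root and got a 200 with a body is a probable disclosure to investigate, while a blocked attempt (4xx, zero bytes) is reconnaissance to watch. Any ".." at all from a real browser client is unusual and worth a low-severity alert even when it stays inside the root.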
