CVE-2025-13564

5.4 MEDIUM

📋 TL;DR

CVE-2025-13564 is an arbitrary file deletion vulnerability in SourceCodester Pre-School Management System 1.0. Attackers can remotely manipulate the filepath parameter in the removefile function to delete arbitrary files, causing denial of service. Organizations using this specific version of the software are affected.

💻 Affected Systems

Products:
  • SourceCodester Pre-School Management System
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 1.0 of this specific software. Requires PHP environment.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical system files could be deleted, causing complete system unavailability, data loss, or requiring full system restoration from backups.

🟠 Likely Case

Attackers delete application files, configuration files, or user data, causing service disruption and requiring file restoration.

🟢 If Mitigated

With proper file permissions and monitoring, impact is limited to non-critical files with minimal service disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available on GitHub. Remote exploitation without authentication is possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

  • Add server-side validation to restrict the filepath parameter to allowed directories only
  • Modify app/controllers/FilehelperController.php to validate filepath against a whitelist
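The following is an added reference implementation of the containment check described in this workaround; it is not code from the Pre-School Management System or from the advisory, and it is written in Python rather than PHP so it can be run as-is. The upload root path, the function names, and the (status, message) return shape are assumptions; the real controller would substitute its own storage directory and response handling.

```python
import os
import posixpath
from typing import Callable, Optional, Tuple

# Hypothetical upload root. The real controller would use the application's own
# storage directory; this path is an assumption, not taken from the advisory.
UPLOAD_ROOT = "/var/www/preschool/uploads"


def safe_delete_target(filepath: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Return the normalized absolute path if `filepath` stays inside `root`, else None.

    The user value is always treated as relative to the upload root. Absolute
    paths, NUL bytes, the empty string and anything that normalizes to a
    location outside (or equal to) the root are rejected.
    """
    if not filepath or "\x00" in filepath:
        return None
    # Absolute paths are never legitimate here; reject rather than silently re-root them.
    if filepath.startswith(("/", "\\")):
        return None
    root_norm = posixpath.normpath(root)
    # normpath collapses "." and ".." components so the containment check below
    # sees the directory that would actually be touched.
    candidate = posixpath.normpath(posixpath.join(root_norm, filepath))
    # commonpath compares whole path components, so a sibling such as
    # "/var/www/preschool/uploads_old" is not mistaken for something under the
    # root (a plain startswith() check would accept it).
    if candidate == root_norm or posixpath.commonpath([root_norm, candidate]) != root_norm:
        return None
    return candidate


def handle_removefile(
    filepath: str,
    root: str = UPLOAD_ROOT,
    unlink: Callable[[str], None] = os.remove,
) -> Tuple[int, str]:
    """Validate the request parameter and delete only a confined path.

    `unlink` is injectable so the logic can be exercised without touching disk.
    Returns an HTTP-style (status, message) pair.
    """
    target = safe_delete_target(filepath, root)
    if target is None:
        return 400, "invalid filepath"
    try:
        unlink(target)
    except FileNotFoundError:
        return 404, "file not found"
    return 200, "deleted"


if __name__ == "__main__":
    deleted = []
    for value in ["report.pdf", "sub/../notes.txt", "../../../etc/passwd", "/etc/passwd", "..", "."]:
        print(repr(value), "->", handle_removefile(value, unlink=deleted.append))
    print("would delete:", deleted)
```

In the PHP controller the equivalent check is `realpath()` on the joined path compared component-wise against `realpath()` of the upload directory, which additionally resolves symlinks; the example above uses pure string normalization so that it runs without the directory existing, and a production version should add the symlink resolution step.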

File Permission Restrictions

Platform: linux

  • Set strict file permissions to limit what files the web server user can delete
  • chmod 644 for files, chmod 755 for directories, and restrict the web server user's permissions. Note that on Linux the ability to unlink a file is governed by write permission on its containing directory rather than by the file's own mode bits, so files the web server must never delete should live in directories that are not writable by the web server user.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests with suspicious filepath parameters
  • Restrict network access to the application using firewall rules or network segmentation

🔍 How to Verify

Check if Vulnerable:

Check if running SourceCodester Pre-School Management System version 1.0 by examining version files or application metadata

Check Version:

Check version.txt or similar files in application directory, or examine PHP application headers

Verify Fix Applied:

Test the removefile endpoint with malicious filepath parameters to ensure proper validation

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to FilehelperController.php with unusual filepath parameters
  • File deletion errors in application logs
  • 404 errors for unexpectedly missing files

Network Indicators:

  • HTTP POST requests to removefile endpoint with directory traversal patterns
  • Unusual file deletion patterns from web server IP

SIEM Query:

source="web_logs" AND uri="/app/controllers/FilehelperController.php" AND (filepath CONTAINS ".." OR filepath CONTAINS "/etc" OR filepath CONTAINS "/root")
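The SIEM query above matches literal ".." and system path strings; an access-log scanner needs to percent-decode the parameter first, or encoded and double-encoded traversal sequences are missed. The following is an added example, not part of the advisory or the project, that applies the same indicators to constructed access-log lines. The "action=removefile" query parameter, the presence of filepath in the query string at all, and the sample addresses are assumptions used to build the sample data.

```python
import re
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined access-log shape: client, identd, user, [timestamp],
# "METHOD target PROTO", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Path fragment of the endpoint named in the advisory. The "action=removefile"
# parameter and the use of a query string are assumptions about the request
# shape, not facts from the advisory.
ENDPOINT_FRAGMENT = "FilehelperController.php"
PARAM = "filepath"
SYSTEM_PREFIXES = ("/etc", "/root", "/var", "/proc", "/home")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %252e%252e%252f is still seen as ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_filepath(value: str) -> List[str]:
    """Return the reasons a filepath value looks like an escape from the upload directory."""
    reasons: List[str] = []
    decoded = fully_decode(value).replace("\\", "/")
    if "\x00" in decoded:
        reasons.append("null-byte")
    if ".." in decoded.split("/"):
        reasons.append("traversal")
    if decoded.startswith("/"):
        reasons.append("absolute-path")
    if decoded.startswith(SYSTEM_PREFIXES):
        reasons.append("system-path")
    return reasons


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Flag requests to the file-helper endpoint whose filepath parameter is suspicious."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if ENDPOINT_FRAGMENT not in url.path:
            continue
        # parse_qs percent-decodes once; classify_filepath strips any further layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            reasons = classify_filepath(raw)
            if reasons:
                hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                             "status": m["status"], "filepath": raw, "reasons": reasons})
    return hits


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /app/controllers/FilehelperController.php?action=removefile&filepath=uploads%2Freport.pdf HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2025:10:00:02 +0000] "POST /app/controllers/FilehelperController.php?action=removefile&filepath=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 17',
    '198.51.100.7 - - [10/Jan/2025:10:00:03 +0000] "POST /app/controllers/FilehelperController.php?action=removefile&filepath=%252e%252e%252f%252e%252e%252fconfig.php HTTP/1.1" 200 17',
    '198.51.100.7 - - [10/Jan/2025:10:00:04 +0000] "POST /app/controllers/FilehelperController.php?action=removefile&filepath=%2Fetc%2Fhostname HTTP/1.1" 500 0',
    '203.0.113.9 - - [10/Jan/2025:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The network indicator above mentions POST requests; if the application sends filepath in the request body rather than the query string, a standard access log will not contain it and the same classification has to run on application-level or WAF request logging instead.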

🔗 References
