CVE-2025-13875
📋 TL;DR
This vulnerability allows remote attackers to perform path traversal attacks in Yohann0617 oci-helper versions up to 3.2.4. By manipulating file arguments in the OCI Configuration Upload component, attackers can write files to arbitrary locations on the server. Organizations using vulnerable versions of this software are affected.
💻 Affected Systems
- Yohann0617 oci-helper
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary file overwrite leading to remote code execution, data destruction, or privilege escalation.
Likely Case
Unauthorized file writes to sensitive locations, potentially enabling further exploitation or data manipulation.
If Mitigated
Limited impact if proper file system permissions restrict write access to critical directories.
🎯 Exploit Status
Proof-of-concept exploit is publicly available; remote exploitation is possible without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available; vendor did not respond to disclosure. Consider workarounds or discontinuing use.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation to reject file paths containing directory traversal sequences (../, ..\)
File Path Restriction
Restrict file uploads to specific safe directories using absolute path validation
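The two workarounds above combined, as an added Python example that is not code from the oci-helper project: layer 1 rejects traversal sequences in the client-supplied name, layer 2 computes the absolute destination and checks it stays inside the upload root. The upload directory path is an assumption.

```python
import posixpath

# Assumed upload directory for this example; the advisory does not say where
# oci-helper stores uploaded OCI configuration files.
UPLOAD_ROOT = "/srv/oci-helper/uploads"


def contains_traversal(filename: str) -> bool:
    """Layer 1, input validation: reject '../' and '..\\' sequences, absolute
    paths, empty names and embedded NUL bytes. Call it on the decoded value,
    after the web framework has applied URL/multipart decoding."""
    if not filename or "\x00" in filename:
        return True
    if filename.startswith(("/", "\\")):
        return True
    # Treat both separator styles the same, then look at every path component,
    # so 'a/../b', '..\\x' and a bare '..' are all caught.
    return ".." in filename.replace("\\", "/").split("/")


def resolve_upload_path(filename: str, root: str = UPLOAD_ROOT) -> str:
    """Layer 2, absolute path validation: compute the final destination and
    verify it is strictly inside the upload root. This holds even if layer 1
    is bypassed, because the check is made on the normalised absolute path."""
    if contains_traversal(filename):
        raise ValueError(f"traversal sequence rejected: {filename!r}")
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(
        posixpath.join(root, filename.replace("\\", "/"))
    )
    # normpath/commonpath are purely lexical, so the file need not exist yet.
    if candidate == root or posixpath.commonpath([root, candidate]) != root:
        raise ValueError(f"destination escapes upload root: {candidate}")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: one benign name, three traversal attempts.
    for name in ("tenant-a.ini", "../../etc/passwd", "..\\..\\etc\\passwd",
                 "/etc/passwd"):
        try:
            print(f"{name!r:28} -> {resolve_upload_path(name)}")
        except ValueError as err:
            print(f"{name!r:28} -> REJECTED ({err})")
```

Only the returned path should ever be handed to the file-writing code; the raw request parameter must not reach the filesystem API.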
🧯 If You Can't Patch
- Disable or restrict access to the OCI Configuration Upload functionality
- Implement network segmentation and firewall rules to limit access to affected systems
🔍 How to Verify
Check if Vulnerable:
Check if using oci-helper version 3.2.4 or earlier and if the OCI Configuration Upload endpoint is accessible
Check Version:
Check application version in pom.xml or build configuration files
Verify Fix Applied:
Test with path traversal payloads (e.g., '../../etc/passwd') to confirm file writes are restricted
📡 Detection & Monitoring
Log Indicators:
- Unusual file write attempts to system directories
- Requests containing '../' patterns to upload endpoints
Network Indicators:
- HTTP requests with path traversal sequences in file parameters
SIEM Query:
http.url:*../* AND http.method:POST AND http.path:*upload*