CVE-2025-13949
📋 TL;DR
This vulnerability in ProudMuBai GoFilm lets a remote attacker upload arbitrary files through the SingleUpload function in /server/controller/FileController.go, which applies no restriction on file type, content or size. It affects systems running vulnerable versions of the software and is exploitable over the network. Exploit details are public, which raises the likelihood of compromise.
💻 Affected Systems
- ProudMuBai GoFilm
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through remote code execution via malicious file upload, leading to data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Attackers upload web shells or malware to gain unauthorized access, deface websites, or use the system as a foothold for further attacks.
If Mitigated
Limited impact where server-side upload validation (extension allowlist, content check, size limit) is in place; some residual risk remains because the workarounds below are not a vendor fix and can be bypassed if any one check is missing, for example an extension-only check that accepts a script renamed to an allowed extension.
🎯 Exploit Status
Exploit details are publicly available on GitHub, making this easy to weaponize. Remote exploitation requires no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None
Restart Required: No
Instructions:
No official patch available. Vendor did not respond to disclosure. Consider workarounds or discontinuing use.
🔧 Temporary Workarounds
Implement File Upload Validation
Add server-side validation that restricts uploads to an extension allowlist, checks that the file content matches the claimed type, enforces a size limit, stores the file under a server-generated name rather than the client-supplied one, and scans uploaded files.
Modify /server/controller/FileController.go to add validation logic before processing uploads
Disable File Upload Endpoint
Temporarily disable or block access to the vulnerable SingleUpload endpoint until a fix is available.
Comment out or remove SingleUpload function in FileController.go and restart service
🧯 If You Can't Patch
- Deploy a web application firewall (WAF) with rules to block malicious file upload patterns
- Isolate affected systems from critical networks and implement strict network segmentation
🔍 How to Verify
Check if Vulnerable:
Confirm whether the deployed GoFilm version is 1.0.0 or 1.0.1 (the versions this entry lists as affected) and whether the SingleUpload function in /server/controller/FileController.go writes the uploaded file to disk without validating its extension, content or size.
Check Version:
Check application configuration files or deployment manifests for version information
Verify Fix Applied:
Attempt to upload a file with a disallowed extension (for example a .php file) and a file whose content does not match its allowed extension (for example script text named image.png); if either is accepted and stored, the system is still vulnerable.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST activity to the route your deployment maps to the SingleUpload handler in /server/controller/FileController.go (that is a source-file path, not the request URI; take the actual route from the application's router configuration)
- Uploads of executable files, scripts, or unusual file types
Network Indicators:
- HTTP POST requests to upload endpoints with suspicious file extensions
- Traffic patterns indicating file upload exploitation
SIEM Query (replace the URI with the route mapped to SingleUpload; the file_extension field assumes the proxy or application logs the uploaded filename, which a standard access log does not):
source="web_logs" AND method="POST" AND uri="<SingleUpload route>" AND (file_extension="php" OR file_extension="jsp" OR file_extension="exe")
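As an added triage script (not part of this page's tooling or of GoFilm), the Go program below walks an upload directory and reports the files the indicators above describe: script or executable extensions, extensions outside an allowlist, and files whose content does not match their extension. It supports both "Verify Fix Applied" (run it after a test upload) and the "Uploads of executable files" log indicator when no upload logging exists. The ./uploads default, the extension lists and the image-only policy are assumptions.

```go
package main

// Added triage example for files in an upload directory. Not GoFilm's code;
// assumes uploads land in one directory and legitimate uploads are images.

import (
	"fmt"
	"io"
	"io/fs"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

type Finding struct {
	Path   string
	Reason string
}

// Extensions that should never appear in an upload directory (assumed list).
var scriptExts = map[string]bool{
	".php": true, ".phtml": true, ".jsp": true, ".asp": true, ".aspx": true,
	".exe": true, ".dll": true, ".sh": true, ".py": true, ".html": true, ".htm": true,
}

// Sniffed MIME type expected for each allowed extension (assumed policy).
var expectedType = map[string]string{
	".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png", ".gif": "image/gif",
}

// sniff returns the MIME type http.DetectContentType reports for the
// first (up to 512) bytes of the file at path.
func sniff(path string) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()
	head := make([]byte, 512)
	n, err := io.ReadFull(f, head)
	if err != nil && err != io.ErrUnexpectedEOF && err != io.EOF {
		return "", err
	}
	return http.DetectContentType(head[:n]), nil
}

// ScanUploadDir walks root and reports every file whose extension is a
// script/executable type, lies outside the allowlist, or whose content
// does not match its extension (a payload disguised as an image).
func ScanUploadDir(root string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		ext := strings.ToLower(filepath.Ext(p))
		switch want, ok := expectedType[ext]; {
		case scriptExts[ext]:
			out = append(out, Finding{p, "script or executable extension"})
		case !ok:
			out = append(out, Finding{p, "extension outside the allowlist"})
		default:
			got, err := sniff(p)
			if err != nil {
				return err
			}
			if got != want {
				out = append(out, Finding{p, "content " + got + " does not match " + ext})
			}
		}
		return nil
	})
	return out, err
}

func main() {
	root := "./uploads" // assumed upload directory; override with the first argument
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := ScanUploadDir(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, f := range findings {
		fmt.Printf("%s\t%s\n", f.Path, f.Reason)
	}
}
```

Run it as `go run scan.go /path/to/uploads`; any output line is a file to inspect. The content check matters most: an attacker who can only upload through an extension-filtered endpoint will name the payload image.jpg, and only the leading bytes give it away.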