CVE-2025-15237
📋 TL;DR
CVE-2025-15237 is an absolute path traversal vulnerability in QOCA aim AI Medical Cloud Platform that allows authenticated remote attackers to read folder names under specified paths. This affects healthcare organizations using Quanta Computer's QOCA platform for medical cloud services. The vulnerability enables unauthorized directory listing but not file content reading.
💻 Affected Systems
- QOCA aim AI Medical Cloud Platform
📦 What is this software?
Qoca Aim by Quantatw
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map the entire directory structure, identify sensitive medical data locations, and use this reconnaissance for subsequent attacks to access protected health information (PHI) or system files.
Likely Case
Authenticated attackers enumerate directory structures to understand system layout and identify potential targets for further exploitation, potentially leading to data exposure if combined with other vulnerabilities.
If Mitigated
With proper network segmentation and access controls, impact is limited to directory enumeration within the application's permitted scope, preventing access to sensitive system areas.
🎯 Exploit Status
Exploitation requires authenticated access; path traversal techniques are well documented and relatively simple to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in available references
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html
Restart Required: Yes
Instructions:
1. Contact Quanta Computer for security updates
2. Apply the latest patches for QOCA aim platform
3. Restart affected services
4. Verify the fix prevents path traversal
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation to reject path traversal sequences in user-supplied path parameters
Application-specific configuration; implement path normalization and validation in code
Access Control Enhancement
Restrict authenticated users to only necessary directory paths using application-level access controls
Configure application permissions to limit directory access to authorized paths only
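The two workarounds above (reject traversal in path parameters, and confine listing to authorized paths) come down to one check: normalize the requested path and confirm it still sits inside an allow-listed base directory. The following is an added example of that check, not code from the QOCA platform or from Quanta; the base directory, the `list_folder_names` function and the sample directory tree are constructed for the example. Because this CVE is an absolute path traversal, the check rejects absolute paths up front and then relies on resolving the path and testing containment, rather than on a substring match for `../` alone.

```python
"""Added example (not QOCA/Quanta code): confine a user-supplied directory
name to an allow-listed base directory before listing folder names under it.
"""
import os
import tempfile
from pathlib import Path
from typing import List


class PathNotAllowed(ValueError):
    """Raised when a requested path would escape the permitted base directory."""


def resolve_within(base_dir: str, user_path: str) -> Path:
    """Return the real filesystem path for user_path, or raise PathNotAllowed.

    Absolute paths are rejected outright (the class of bug on this page: an
    absolute value replaces the base directory instead of being joined under
    it). The path is then resolved, which collapses '..' and follows symlinks,
    and the result must still be inside base_dir. That containment test is the
    real control; blocking the literal substring '..' is not sufficient on its
    own because of encodings and symlinks.
    """
    if not user_path:
        raise PathNotAllowed("empty path")
    if "\x00" in user_path:
        raise PathNotAllowed("NUL byte in path")
    if (os.path.isabs(user_path)
            or os.path.splitdrive(user_path)[0]          # Windows drive letter
            or user_path.startswith(("/", "\\"))):      # POSIX root or UNC/backslash root
        raise PathNotAllowed(f"absolute paths are not permitted: {user_path!r}")

    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)          # ValueError if candidate is outside base
    except ValueError:
        raise PathNotAllowed(f"path escapes base directory: {user_path!r}") from None
    return candidate


def list_folder_names(base_dir: str, user_path: str) -> List[str]:
    """List subfolder names under base_dir/user_path after validation (sorted)."""
    target = resolve_within(base_dir, user_path)
    if not target.is_dir():
        raise PathNotAllowed(f"not a directory: {user_path!r}")
    return sorted(p.name for p in target.iterdir() if p.is_dir())


def build_demo_tree() -> str:
    """Create a constructed sample tree (not real platform data); return the base dir.

    Layout: <tmp>/app_data/{reports/2025/q1, images} plus a sibling
    <tmp>/outside_secret that a traversal would try to reach.
    """
    root = tempfile.mkdtemp(prefix="qoca_demo_")
    base = os.path.join(root, "app_data")
    for sub in ("reports", "reports/2025", "reports/2025/q1", "images"):
        os.makedirs(os.path.join(base, sub), exist_ok=True)
    os.makedirs(os.path.join(root, "outside_secret"), exist_ok=True)
    return base


def check_request(base_dir: str, user_path: str) -> str:
    """Summarise how a request would be answered: 'ok:<names>' or 'rejected'."""
    try:
        return "ok:" + ",".join(list_folder_names(base_dir, user_path))
    except PathNotAllowed:
        return "rejected"


if __name__ == "__main__":
    demo_base = build_demo_tree()
    for req in ("reports", "reports/2025", "reports/../images",
                "../outside_secret", "/etc", "reports/../../outside_secret"):
        print(f"{req!r:32} -> {check_request(demo_base, req)}")
```

A request for `reports/../images` is accepted because after resolution it is still under the base, whereas `../outside_secret`, `/etc` and `reports/../../outside_secret` are all rejected, the first and last by the containment test and `/etc` by the absolute-path rule before any filesystem access happens.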
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block path traversal patterns in requests
- Segment network access to QOCA platform and restrict to authorized users only
🔍 How to Verify
Check if Vulnerable:
Test authenticated requests with path traversal sequences (e.g., '../../etc/passwd') to directory listing endpoints
Check Version:
Check QOCA platform version through administrative interface or contact vendor
Verify Fix Applied:
Attempt the same path traversal tests after patching; successful requests should return error messages or be blocked
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' sequences in path parameters
- Unusual directory listing requests from authenticated users
- Failed access attempts to restricted paths
Network Indicators:
- Patterns of requests with multiple directory traversal sequences
- Unusual volume of directory listing requests
SIEM Query:
web.url:*../* AND (web.status:200 OR web.status:403) AND user.authenticated:true
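The SIEM query above keys on `../`, which catches relative traversal but not the absolute path case this CVE actually describes, nor percent-encoded or double-encoded variants. The following added detection example (not vendor code and not a real SIEM rule) runs over constructed access-log lines and flags, for authenticated users with status 200 or 403, any inspected path parameter whose fully decoded value either contains a `..` segment or is an absolute path. The log format and the parameter names `path`, `dir` and `folder` are assumptions made for the example.

```python
"""Added example (not QOCA or SIEM product code): flag directory traversal
attempts, relative and absolute, in constructed web access-log lines.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (format: user status method url); '-' = unauthenticated.
SAMPLE_LOG = """\
alice 200 GET /api/folders?path=reports/2025
bob 200 GET /api/folders?path=../../etc
carol 403 GET /api/folders?path=%2e%2e%2f%2e%2e%2fetc
- 200 GET /api/folders?path=../../etc
dave 200 GET /api/folders?path=/etc
erin 200 GET /api/folders?path=C:%5CWindows%5CSystem32
frank 200 GET /api/folders?path=%252e%252e%252fetc
grace 200 GET /static/app.js
"""

LINE_RE = re.compile(r"^(?P<user>\S+) (?P<status>\d{3}) (?P<method>\S+) (?P<url>\S+)$")
PATH_PARAMS = ("path", "dir", "folder")   # assumed parameter names to inspect
TRAVERSAL_SEGMENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
WINDOWS_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded sequences are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_path(value: str) -> Optional[str]:
    """Return 'relative_traversal', 'absolute_path', or None for a decoded value."""
    if TRAVERSAL_SEGMENT.search(value):
        return "relative_traversal"
    if value.startswith(("/", "\\")) or WINDOWS_DRIVE.match(value):
        return "absolute_path"
    return None


def scan_log(text: str) -> List[Dict]:
    """Return one finding per suspicious path parameter from an authenticated user.

    Mirrors the page's SIEM filter (authenticated, status 200 or 403) but
    classifies the decoded parameter value instead of matching '../' literally.
    """
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        user, status, url = m["user"], int(m["status"]), m["url"]
        if user == "-" or status not in (200, 403):
            continue
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for param in PATH_PARAMS:
            for raw in query.get(param, []):       # parse_qs already decoded once
                kind = classify_path(fully_decode(raw))
                if kind:
                    findings.append({"user": user, "status": status,
                                     "param": param, "value": raw, "kind": kind})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

On the sample input the scan reports bob, carol and frank as relative traversal (carol's single-encoded and frank's double-encoded forms are decoded first) and dave and erin as absolute paths; alice's normal request and the unauthenticated line are not reported. A 403 is still reported, since a blocked attempt from a valid account is worth triage even when the control held.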