CVE-2025-1791

6.3 MEDIUM

📋 TL;DR

CVE-2025-1791 is a critical unrestricted file upload vulnerability in Zorlan SkyCaiji 2.9 that allows remote attackers to upload arbitrary files to the server. This affects all systems running the vulnerable version of SkyCaiji, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Zorlan SkyCaiji
Versions: Version 2.9
Operating Systems: Any OS running SkyCaiji
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the fileAction function in vendor/skycaiji/app/admin/controller/Tool.php


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system takeover, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Webshell deployment allowing persistent backdoor access, data theft, and further exploitation of the server.

🟢 If Mitigated: Limited impact if file uploads are restricted to authenticated users only and proper file validation is in place.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing web applications.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict file upload functionality
Platform: all

Disable or restrict the fileAction function in Tool.php to prevent unauthorized uploads.

  • Modify vendor/skycaiji/app/admin/controller/Tool.php to add authentication checks
  • Remove or comment out the fileAction function if not needed

Implement file validation
Platform: all

Add server-side file type validation and size restrictions.

  • Add file extension whitelisting in the upload handler
  • Implement file content validation using magic bytes
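The following is an added example, not SkyCaiji's code, of the validation the second workaround describes: an extension allowlist, a size limit, a file-name check that refuses double extensions, and a magic-byte check that the content actually matches the declared type. The allowed types, the 2 MiB limit, and the sample files are assumptions made for this example.

```python
"""Added example (not SkyCaiji's code): server-side upload validation using an
extension allowlist plus a magic-byte check on the file contents. The allowed
types, size limit and sample files below are constructed for this example."""
from __future__ import annotations

import os
import re
import secrets

# Allowlist: extension -> magic-byte prefixes the content must start with.
ALLOWED_TYPES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumed size limit for this example
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Every check is server-side; the client-supplied
    name and Content-Type header are never trusted on their own."""
    if len(data) == 0:
        return False, "empty file"
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file exceeds size limit"
    # Strip any directory component; refuse null bytes and names with more than
    # one extension (e.g. page.php.png), which some handlers treat inconsistently.
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return False, "null byte in file name"
    parts = base.split(".")
    if len(parts) != 2:
        return False, "file name must have exactly one extension"
    stem, ext = parts[0], parts[1].lower()
    if not SAFE_STEM.match(stem):
        return False, "file name contains disallowed characters"
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} is not allowed"
    # Content check: the bytes must match the type the extension claims.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not match .{ext} magic bytes"
    return True, "ok"


def safe_storage_name(validated_filename: str) -> str:
    """Name to store an accepted file under: a random token plus the validated
    extension, so the original name never reaches the filesystem."""
    ext = validated_filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed samples: a real PNG header, PHP source under a .php name,
    # a double extension, and PHP source disguised with a .png name.
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "page.php": b"<?php echo 'hello'; ?>",
        "page.php.png": b"\x89PNG\r\n\x1a\n",
        "fake.png": b"<?php echo 'hello'; ?>",
    }
    for name, content in samples.items():
        ok, reason = validate_upload(name, content)
        stored = safe_storage_name(name) if ok else "-"
        print(f"{name:14} accepted={ok!s:5} reason={reason!r} stored_as={stored}")
```

Only the first sample is accepted; the other three are rejected by the extension allowlist, the single-extension rule, and the magic-byte check respectively. Storing accepted files under a generated name, outside the web root where possible, removes any remaining dependence on the client-chosen name.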

🧯 If You Can't Patch

  • Implement WAF rules to block suspicious file upload requests
  • Restrict network access to SkyCaiji instances using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if running SkyCaiji version 2.9 and examine the Tool.php file for unrestricted upload functionality

Check Version:

# Check SkyCaiji version in configuration files or admin interface

Verify Fix Applied:

Test file upload functionality with malicious files to ensure proper validation is in place

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to Tool.php endpoint
  • Large number of POST requests to fileAction function
  • Uploads of executable files like .php, .jsp, .asp

Network Indicators:

  • POST requests to /vendor/skycaiji/app/admin/controller/Tool.php with file uploads
  • Unusual outbound connections from the server after file uploads

SIEM Query:

source="web_logs" AND uri="/vendor/skycaiji/app/admin/controller/Tool.php" AND method="POST" AND size>1000000
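As an added example that is not part of the advisory, the two log indicators above (a large POST to the Tool.php path, and a burst of POSTs to it from one source) applied to constructed web-server log lines. It assumes a combined-log line with the request Content-Length appended as a final field; the IPs, timestamps, sizes and the burst threshold of 5 requests in 60 seconds are made up for the example.

```python
"""Added example (not part of the advisory): applying the log indicators to
constructed web-server log lines. Assumes a combined-log line with the request
Content-Length appended as the last field; all sample data is constructed."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

TOOL_PATH = "/vendor/skycaiji/app/admin/controller/Tool.php"
SIZE_THRESHOLD = 1_000_000        # same threshold as the SIEM query
BURST_COUNT = 5                   # assumed: this many POSTs from one IP ...
BURST_WINDOW = timedelta(seconds=60)  # ... within this window is a burst

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<resp>\S+) (?P<reqsize>\d+)$'
)


def parse_line(line: str) -> dict | None:
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["uri"] = rec["uri"].split("?", 1)[0]   # compare the path without the query string
    rec["reqsize"] = int(rec["reqsize"])
    return rec


def find_upload_indicators(lines: list[str]) -> list[dict]:
    """Return findings: 'large_upload' for each oversized POST to the path, and one
    'post_burst' per source IP that sent BURST_COUNT POSTs within BURST_WINDOW."""
    findings = []
    posts_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["uri"] != TOOL_PATH:
            continue
        if rec["reqsize"] > SIZE_THRESHOLD:
            findings.append({"kind": "large_upload", "ip": rec["ip"], "bytes": rec["reqsize"]})
        posts_by_ip[rec["ip"]].append(rec["ts"])
    for ip, stamps in posts_by_ip.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            # Count POSTs in the window opening at this request (stamps are sorted).
            n = sum(1 for t in stamps[i:] if t <= start + BURST_WINDOW)
            if n >= BURST_COUNT:
                findings.append({"kind": "post_burst", "ip": ip, "count": n})
                break
    return findings


# Constructed sample log (documentation-range IPs, invented timestamps and sizes).
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2025:10:00:01 +0000] "POST {TOOL_PATH} HTTP/1.1" 200 311 1540000',
    '198.51.100.4 - - [12/Mar/2025:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 4820 0',
    f'203.0.113.7 - - [12/Mar/2025:10:05:00 +0000] "POST {TOOL_PATH}?x=1 HTTP/1.1" 200 311 900000',
]
# Five small POSTs from one source within 20 seconds: the burst indicator.
SAMPLE_LOG += [
    f'198.51.100.9 - - [12/Mar/2025:10:01:{s:02d} +0000] "POST {TOOL_PATH} HTTP/1.1" 200 311 2048'
    for s in (0, 5, 10, 15, 20)
]

if __name__ == "__main__":
    for finding in find_upload_indicators(SAMPLE_LOG):
        print(finding)
```

Run against the sample, this reports one large_upload from 203.0.113.7 (the 900000-byte POST stays under the threshold) and one post_burst from 198.51.100.9. Note that the standard combined log's size field is the response size, so the request-size condition in the SIEM query only works if the web server is configured to log the request Content-Length, as this example assumes.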
