CVE-2025-2215
📋 TL;DR
This critical vulnerability in Doufox allows remote attackers to perform path traversal attacks by manipulating the 'dir' parameter in the /?s=doudou&c=file&a=list endpoint. This could enable unauthorized access to sensitive files on the server. All Doufox installations up to version 0.2.0 are affected.
💻 Affected Systems
- Doufox
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through reading sensitive files like /etc/passwd, configuration files, or source code, potentially leading to credential theft or further exploitation.
Likely Case
Unauthorized file disclosure including application configuration, user data, or system information that could facilitate additional attacks.
If Mitigated
Limited impact with proper input validation and file system permissions restricting access to sensitive directories.
🎯 Exploit Status
Exploit details are publicly available and the vulnerability requires minimal technical skill to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider workarounds or discontinuing use of affected versions.
🔧 Temporary Workarounds
Web Server URL Rewrite
allBlock access to the vulnerable endpoint using web server rewrite rules
For Apache: RewriteRule ^/\?s=doudou&c=file&a=list - [F]
For Nginx: location ~* /\?s=doudou&c=file&a=list { return 403; }
Input Validation Filter
allImplement input validation to reject directory traversal sequences
Implement server-side validation to reject 'dir' parameters containing '../', '..\\', or absolute paths
🧯 If You Can't Patch
- Implement network segmentation to restrict access to Doufox instances
- Deploy WAF rules to detect and block path traversal attempts
🔍 How to Verify
Check if Vulnerable:
Test by accessing http://[target]/?s=doudou&c=file&a=list&dir=../../../etc/passwd and checking for file disclosureCheck Version:
Check Doufox version in application configuration or package managerVerify Fix Applied:
Attempt the same test after applying workarounds and verify file access is blocked📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '/?s=doudou&c=file&a=list' with 'dir' parameter containing '../' or similar traversal sequences
- Unusual file access patterns from web application
Network Indicators:
- HTTP GET requests with path traversal sequences in query parameters
SIEM Query:
web.url:*s=doudou&c=file&a=list* AND (web.query:*dir=..* OR web.query:*dir=*../*)