CVE-2025-23011
📋 TL;DR
Fedora Repository 3.8.1 contains a path traversal vulnerability (Zip Slip) that allows authenticated attackers to upload malicious archives containing arbitrary JSP files. When extracted, these files can be placed in web-accessible locations and executed via unauthenticated GET requests, potentially leading to remote code execution. This affects systems running the outdated Fedora Repository 3.8.1 release from 2015.
💻 Affected Systems
- Fedora Repository
📦 What is this software?
Fcrepo by Fedorarepository
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment.
Likely Case
Unauthorized file upload and execution allowing web shell deployment, data manipulation, or lateral movement.
If Mitigated
Limited impact if proper input validation and file extraction controls are implemented.
🎯 Exploit Status
Exploitation requires authenticated access to upload archives and knowledge of web-accessible paths for JSP execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Migrate to Fedora Repository 6.5.1 or later
Vendor Advisory: https://github.com/fcrepo/fcrepo/releases
Restart Required: No
Instructions:
1. Back up all repository data and configurations.
2. Download Fedora Repository 6.5.1 or later from the official releases.
3. Follow the migration guide at https://github.com/fcrepo-exts/migration-utils.
4. Deploy the new version and restore the data.
5. Validate functionality.
🔧 Temporary Workarounds
Disable Archive Upload
Prevent authenticated users from uploading archive files through configuration or web application firewall rules.
Implement File Extraction Validation
Add server-side validation that resolves each extracted file path and checks it against the allowed directories before extraction.
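The validate-before-extract control described above, as an added example in Python (not code from the advisory or the Fedora Repository project); the archive, its entry names and the scratch directory are constructed for the demonstration:

```python
import io
import os
import tempfile
import zipfile

def build_sample_zip(traversal: bool) -> bytes:
    """Constructed in-memory archive; traversal=True adds a Zip Slip entry (hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("objects/record.xml", "<record/>")
        if traversal:
            zf.writestr("../../webapps/ROOT/traversal.jsp", "placeholder")
    return buf.getvalue()

def entries_escaping(zip_bytes: bytes, dest_dir: str) -> list:
    """Entry names whose resolved path lands outside dest_dir ("../" and absolute names alike)."""
    dest_real = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Canonicalise after joining so "../" segments and a leading "/" collapse before the check.
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                bad.append(info.filename)
    return bad

def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Validate every entry first; reject the whole archive if any escapes, else extract it."""
    bad = entries_escaping(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"archive rejected, entries escape {dest_dir}: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()

def demo() -> dict:
    """Run a clean and a traversal archive through the check in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        flagged = entries_escaping(build_sample_zip(True), scratch)
        written = safe_extract(build_sample_zip(False), scratch)
        try:
            safe_extract(build_sample_zip(True), scratch)
            rejected = False
        except ValueError:
            rejected = True
    return {"flagged": flagged, "written": written, "rejected": rejected}
```

Rejecting the whole archive rather than skipping the offending entry avoids a half-extracted upload, and the explicit check is the control even where the zip library also sanitises names on its own.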
🧯 If You Can't Patch
- Implement strict input validation for uploaded archive file names and paths
- Deploy web application firewall with rules blocking path traversal patterns and malicious JSP uploads
🔍 How to Verify
Check if Vulnerable:
Check the Fedora Repository version, for example with grep 'version' /path/to/fedora/configuration/files (the path is a placeholder for your installation), or look for version information in the application logs.
Check Version:
Check application logs or configuration files for version string containing '3.8.1'
Verify Fix Applied:
Confirm the version is 6.5.1 or later and test the archive upload functionality with archives whose entry names contain '../' to ensure they are rejected.
📡 Detection & Monitoring
Log Indicators:
- Archive upload events with suspicious file names containing '../' patterns
- JSP file creation in unexpected directories
- GET requests to newly created JSP files
Network Indicators:
- Unusual archive uploads to Fedora Repository endpoints
- HTTP requests to JSP files in non-standard paths
SIEM Query:
source="fedora_logs" AND ((event="file_upload" AND file_name="*../*") OR (event="file_extract" AND path="*../*"))