CVE-2025-25997
📋 TL;DR
CVE-2025-25997 is a directory traversal vulnerability in FeMiner wms v1.0 that allows remote attackers to access sensitive files outside the intended directory via the databak.php component. This affects all deployments of FeMiner wms version 1.0, potentially exposing configuration files, credentials, or other sensitive data.
💻 Affected Systems
- FeMiner wms
📦 What is this software?
Feminer Wms by Feminer Wms Project
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through exposure of database credentials, configuration files with secrets, or other sensitive system files leading to data breach or further exploitation.
Likely Case
Unauthorized access to sensitive files containing configuration data, backup files, or user information that could facilitate additional attacks.
If Mitigated
Limited exposure of non-critical files if proper file permissions and web server configurations are implemented.
🎯 Exploit Status
The vulnerability is simple to exploit via crafted HTTP requests to databak.php with directory traversal sequences.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://github.com/FeMiner/wms/issues/22
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available, or implement workarounds.
🔧 Temporary Workarounds
Restrict access to databak.php
Block or restrict access to the vulnerable databak.php component using web server configuration.
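# Apache 2.4+: Add to .htaccess or virtual host config
<Files "databak.php">
    Require all denied
</Files>
# Apache 2.2 (or 2.4 with mod_access_compat): use this inside <Files> instead
#   Order Deny,Allow
#   Deny from all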
# Nginx: Add to server block
location ~ /databak\.php$ {
    deny all;
    return 403;
}
Implement input validation
Add input validation to databak.php to reject directory traversal sequences.
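# Example PHP input validation
$filename = $_GET['file'] ?? '';
# Reject non-string or empty input, traversal sequences, and path separators (/ and \)
if (!is_string($filename) || $filename === ''
    || strpos($filename, '..') !== false
    || strpos($filename, '/') !== false
    || strpos($filename, '\\') !== false) {
    http_response_code(400);
    exit('Invalid file request');
}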
🧯 If You Can't Patch
- Implement network segmentation to isolate the vulnerable system from sensitive networks
- Deploy a web application firewall (WAF) with rules to block directory traversal attempts
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[target]/databak.php?file=../../../../etc/passwd (or similar traversal) and check if sensitive files are returned.
Check Version:
Check the software version in the web interface or configuration files, or examine the source code for version indicators.
Verify Fix Applied:
Test the same directory traversal attempts after implementing workarounds to confirm they are blocked.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to databak.php containing '..' or '../' sequences
- Unusual file access patterns from web server logs
Network Indicators:
- HTTP requests with directory traversal patterns in URI parameters
- Unusual outbound data transfers following databak.php access
SIEM Query:
source="web_server" AND uri="*databak.php*" AND (uri="*..*" OR uri="*../*")
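The log indicators above, as an added example (not part of the original advisory or the FeMiner project): a Python scan of access-log lines that flags requests to databak.php whose query string contains `..`, including percent-encoded and double-encoded forms that a literal `*..*` match would miss. It assumes combined log format; the log lines, IP addresses and file names are constructed samples.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry: "METHOD URI PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(line):
    """True if the line is a databak.php request with '..' in its query string."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    # Split on the raw '?' first so an encoded %3f cannot move the boundary.
    raw_path, _, raw_query = m.group("uri").partition("?")
    if "databak.php" not in decode_fully(raw_path).lower():
        return False
    return ".." in decode_fully(raw_query)

def scan(lines):
    """Return the indexes of the log lines that match the indicator."""
    return [i for i, line in enumerate(lines) if is_suspicious(line)]

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "GET /databak.php?file=backup.sql HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2025:10:00:07 +0000] "GET /databak.php?file=../../../../etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.9 - - [10/Mar/2025:10:00:09 +0000] "GET /databak.php?file=%2e%2e%2fconfig.php HTTP/1.1" 200 812',
    '203.0.113.9 - - [10/Mar/2025:10:00:11 +0000] "GET /databak.php?file=%252e%252e%252fconfig.php HTTP/1.1" 400 20',
    '198.51.100.2 - - [10/Mar/2025:10:00:15 +0000] "GET /index.php?page=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print(SAMPLE_LOG[i])
```

A 200 response on a flagged line is the case to triage first, since it suggests the request was served rather than blocked.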