Login Sign Up

CVE-2025-2607

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in LzCMS-LaoZhangBoKeXiTong allows attackers to upload arbitrary files without restrictions via the /admin/upload/upimage.html endpoint. Remote attackers can exploit this to upload malicious files like webshells or malware. All users running affected versions are at risk.

💻 Affected Systems

Products:
  • phplaozhang LzCMS-LaoZhangBoKeXiTong
Versions: up to version 1.1.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to /admin/upload/upimage.html endpoint

📦 What is this software?

Lzcms Laozhangbokexitong by Phplaozhang

View all CVEs affecting Lzcms Laozhangbokexitong →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via webshell upload leading to remote code execution, data theft, and lateral movement within the network.

🟠

Likely Case

Attackers upload webshells to gain persistent access, deface websites, or deploy ransomware on vulnerable systems.

🟢

If Mitigated

With proper file upload validation and access controls, impact is limited to potential DoS via large file uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access but is simple to execute once authenticated

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading if vendor releases fix or implement workarounds.

🔧 Temporary Workarounds

Restrict File Upload Endpoint

all

Block or restrict access to /admin/upload/upimage.html via web server configuration

# Apache: <Location /admin/upload/upimage.html> Require all denied </Location>
# Nginx: location /admin/upload/upimage.html { deny all; }

Implement File Upload Validation

all

Add server-side validation for file types, extensions, and content

# Add to upload script: validate file extension, MIME type, and scan for malicious content

🧯 If You Can't Patch

  • Implement strict access controls to admin interface and monitor for unauthorized access
  • Deploy WAF rules to block malicious file upload patterns and monitor upload directories

🔍 How to Verify

Check if Vulnerable:

Check if version is ≤1.1.4 and test if /admin/upload/upimage.html accepts unrestricted file uploads

Check Version:

Check CMS configuration files or database for version information

Verify Fix Applied:

Test that file upload endpoint properly validates file types and extensions

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /admin/upload/upimage.html
  • Uploads of executable files (php, jsp, asp)
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to /admin/upload/upimage.html with suspicious file names
  • Traffic patterns indicating webshell communication

SIEM Query:

source="web_logs" AND uri="/admin/upload/upimage.html" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")

📊 Metadata

CVE ID: CVE-2025-2607
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284
EPSS Score: 0.11% exploit probability (29.1th percentile)
Published: March 21, 2025
Last Updated: April 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-2607, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)