CVE-2025-2705

7.3 HIGH

📋 TL;DR

This critical vulnerability in Digiwin ERP 5.1 allows remote attackers to upload arbitrary files without restrictions via the DoUpload/DoWebUpload function in /Api/FileUploadApi.ashx. This can lead to remote code execution, data theft, or system compromise. All organizations running Digiwin ERP 5.1 with the vulnerable API endpoint exposed are affected.

💻 Affected Systems

Products:
  • Digiwin ERP
Versions: 5.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation when the /Api/FileUploadApi.ashx endpoint is accessible.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system takeover, data exfiltration, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Webshell deployment allowing persistent access, data manipulation, or serving malicious content from the compromised server.

🟢 If Mitigated

File upload attempts blocked or logged, with no successful exploitation due to proper input validation and file type restrictions.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but doing so requires network access to the ERP server.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub repositories, making this easily exploitable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. The vendor did not respond to disclosure. Consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Block FileUpload API Endpoint (applies to: all platforms)

Restrict access to the vulnerable /Api/FileUploadApi.ashx endpoint using web server configuration or firewall rules.

# For IIS: Use URL Rewrite rules to block /Api/FileUploadApi.ashx
# For firewall: Add rule to block traffic to /Api/FileUploadApi.ashx

Implement File Upload Validation (applies to: all platforms)

Add server-side validation to restrict file types, check file signatures, and limit upload sizes.

# Custom code implementation required in the application

🧯 If You Can't Patch

  • Isolate the Digiwin ERP system in a segmented network zone with strict inbound/outbound controls.
  • Implement web application firewall (WAF) rules to detect and block malicious file upload patterns.

🔍 How to Verify

Check if Vulnerable:

Test whether you can upload arbitrary files (e.g., .aspx, .php, .exe) to the /Api/FileUploadApi.ashx endpoint. A successful upload indicates the system is vulnerable.

Check Version:

Check the Digiwin ERP version in the application interface or configuration files; version 5.1 is the affected release.

Verify Fix Applied:

Attempt the same file upload test after applying workarounds. Successful blocking or validation of uploads indicates mitigation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /Api/FileUploadApi.ashx
  • Uploads of executable file types (.aspx, .php, .exe)
  • Large number of upload requests from a single IP

Network Indicators:

  • POST requests to /Api/FileUploadApi.ashx with file attachments
  • Unusual outbound connections from the ERP server

SIEM Query:

source="web_logs" AND uri="/Api/FileUploadApi.ashx" AND (file_extension="aspx" OR file_extension="php" OR file_extension="exe")
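An added example, not part of the original advisory: the three log indicators above implemented as detection logic over a few constructed IIS-style (W3C) log lines. The log format, the assumption that the uploaded file name is visible in the `fileName` query parameter, and the burst threshold are all assumptions for the example; the page does not describe the real request shape.

```python
import re
from collections import Counter

# Constructed sample in IIS W3C extended log format; these lines are made up
# for the example and are not real traffic. The fileName parameter is an
# assumption about where the uploaded name is visible in the log.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-04-01 10:00:01 203.0.113.5 POST /Api/FileUploadApi.ashx action=DoUpload&fileName=shell.aspx 200
2025-04-01 10:00:02 203.0.113.5 POST /Api/FileUploadApi.ashx action=DoWebUpload&fileName=report.pdf 200
2025-04-01 10:00:03 198.51.100.7 GET /Default.aspx - 200
2025-04-01 10:00:04 203.0.113.5 POST /Api/FileUploadApi.ashx action=DoUpload&fileName=x.PHP 200
2025-04-01 10:00:05 192.0.2.9 POST /Api/FileUploadApi.ashx action=DoUpload&fileName=invoice.xlsx 200
"""

UPLOAD_ENDPOINT = "/api/fileuploadapi.ashx"   # compared case-insensitively: IIS paths are not case-sensitive
EXEC_EXTENSIONS = {"aspx", "php", "exe"}      # the executable types named in the page's indicators
BURST_THRESHOLD = 2                            # uploads per source IP before flagging; assumed value

def parse_w3c(text):
    """Yield one dict per record, using the #Fields directive as the column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))

def file_extension(query):
    """Extract the lower-cased extension of the fileName parameter, or '' if absent."""
    m = re.search(r"fileName=([^&]+)", query)
    if not m or "." not in m.group(1):
        return ""
    return m.group(1).rsplit(".", 1)[1].lower()

def analyze(text, threshold=BURST_THRESHOLD):
    """Return (indicator, source_ip, detail) tuples for uploads to the vulnerable endpoint."""
    alerts, per_ip = [], Counter()
    for rec in parse_w3c(text):
        if rec["cs-method"] != "POST" or rec["cs-uri-stem"].lower() != UPLOAD_ENDPOINT:
            continue
        per_ip[rec["c-ip"]] += 1
        ext = file_extension(rec["cs-uri-query"])
        if ext in EXEC_EXTENSIONS:        # catches x.PHP as well, thanks to the lower-casing
            alerts.append(("executable_upload", rec["c-ip"], ext))
    alerts += [("upload_burst", ip, n) for ip, n in per_ip.items() if n >= threshold]
    return alerts
```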
