CVE-2025-30582
📋 TL;DR
This path traversal vulnerability in DyaPress ERP/CRM allows attackers to include arbitrary PHP files from the server's filesystem, potentially leading to remote code execution. All DyaPress ERP/CRM installations up to version 18.0.2.0 are affected. The vulnerability requires no authentication to exploit.
💻 Affected Systems
- DyaPress ERP/CRM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to steal sensitive data, install backdoors, or pivot to other systems.
Likely Case
Arbitrary file read leading to credential theft, configuration exposure, and potential privilege escalation to remote code execution.
If Mitigated
Limited file disclosure if proper file permissions restrict access to sensitive files, but still exposes system information.
🎯 Exploit Status
Simple path traversal payloads can trigger the vulnerability without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.0.2.1 or later
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/dyapress/vulnerability/wordpress-dyapress-erp-crm-18-0-2-0-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find DyaPress ERP/CRM. 4. Click 'Update Now' if update available. 5. Alternatively, download latest version from WordPress repository and manually update.
🔧 Temporary Workarounds
Web Application Firewall Rule
allBlock path traversal patterns in web requests
WAF specific - configure to block requests containing '../', '..\', or absolute paths
File Permission Restriction
linuxRestrict PHP file permissions to prevent inclusion of sensitive files
chmod 644 sensitive_config_files.php
chown www-data:www-data web_root
🧯 If You Can't Patch
- Disable or remove the DyaPress ERP/CRM plugin immediately
- Implement strict network segmentation to isolate the vulnerable system
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > DyaPress ERP/CRM version. If version is 18.0.2.0 or earlier, system is vulnerable.Check Version:
wp plugin list --name=dyapress --field=version (if WP-CLI installed)Verify Fix Applied:
Verify DyaPress ERP/CRM version is 18.0.2.1 or later in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns
- PHP include/require errors with unusual file paths
- Access to wp-content/plugins/dyapress/ with traversal parameters
Network Indicators:
- HTTP GET/POST requests with file path parameters containing '../' sequences
SIEM Query:
source="web_logs" AND (uri="*../*" OR params="*../*") AND uri="*/dyapress/*"