CVE-2025-4078

4.3 MEDIUM

Path Traversal

📋 TL;DR

This vulnerability in Wangshen SecGate 3600 2400 allows attackers to perform path traversal attacks via the file_name parameter in the log_export_file endpoint. This could enable unauthorized file access or directory listing. Organizations using affected Wangshen firewall devices are at risk.

💻 Affected Systems

Products:

• Wangshen SecGate 3600
• Wangshen SecGate 2400

Versions: Unknown specific versions - all versions with vulnerable endpoint

Operating Systems: Embedded firewall OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the log export functionality specifically at the ?g=log_export_file endpoint

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, configuration data, or authentication credentials, potentially leading to full system compromise.

🟠

Likely Case

Unauthorized access to log files or configuration data, which could be used for reconnaissance or to facilitate further attacks.

🟢

If Mitigated

Limited to accessing non-sensitive files if proper file permissions and network segmentation are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details exist.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but external exposure poses greater risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available and the vulnerability is simple to exploit via path traversal techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for security updates.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to the vulnerable endpoint using firewall rules or network segmentation

Web Application Firewall

all

Implement WAF rules to block path traversal patterns in file_name parameter

🧯 If You Can't Patch

• Isolate affected devices in separate network segments with strict access controls
• Implement monitoring and alerting for suspicious file access patterns

🔍 How to Verify

Check if Vulnerable:

Copy

Test if you can access files outside intended directory by manipulating file_name parameter in ?g=log_export_file requests

Check Version:

Copy

Check device web interface or CLI for firmware version information

Verify Fix Applied:

Copy

Verify that path traversal attempts are blocked and return appropriate error responses

📡 Detection & Monitoring

Log Indicators:

• Unusual file access patterns in web logs
• Multiple failed attempts with ../ patterns in file_name parameter

Network Indicators:

• HTTP requests to ?g=log_export_file with suspicious file_name parameters containing ../ patterns

SIEM Query:

Copy

web.url:*log_export_file* AND web.param.file_name:*../*

📊 Metadata

CVE ID: CVE-2025-4078

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-22

EPSS Score: 2.19% exploit probability (84th percentile)

Published: April 29, 2025

Last Updated: May 2, 2025

🔗 References

• https://flowus.cn/share/f5c70c53-737b-470b-aa2e-6d5524f849fb?code=G8A6P3
• https://vuldb.com/?ctiid.306515
• https://vuldb.com/?id.306515
• https://vuldb.com/?submit.560540

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4078, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)

CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)

CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)