CVE-2025-45238 – FoxCMS v1.2.5 contains an arbitrary file deleti... (How to Fix)

Q: What is the severity of CVE-2025-45238?

CVE-2025-45238 has a CVSS score of 9.1 (CRITICAL). FoxCMS v1.2.5 contains an arbitrary file deletion vulnerability in the delRestoreSerie method that allows attackers to delete any file on the server. This affects all installations of FoxCMS v1.2.5 using default configurations. Attackers can potentially delete critical system files, configuration files, or application data.

📋 TL;DR

FoxCMS v1.2.5 contains an arbitrary file deletion vulnerability in the delRestoreSerie method that allows attackers to delete any file on the server. This affects all installations of FoxCMS v1.2.5 using default configurations. Attackers can potentially delete critical system files, configuration files, or application data.

💻 Affected Systems

Products:

foxcms

Versions: v1.2.5

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects FoxCMS v1.2.5; earlier or later versions may also be vulnerable but not confirmed.

📦 What is this software?

Foxcms by Qianfox

View all CVEs affecting Foxcms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through deletion of critical operating system files, leading to system crashes, data loss, or service disruption.

🟠

Likely Case

Deletion of web application files causing website defacement, data loss, or service disruption.

🟢

If Mitigated

Limited impact if proper file permissions and web server sandboxing are implemented.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires authentication to access the vulnerable method; public proof-of-concept available in GitHub gist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://gitee.com/qianfox/foxcms

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict File Permissions

linux

Set strict file permissions on web directories to prevent deletion of critical files.

chmod 644 /path/to/foxcms/*
chown www-data:www-data /path/to/foxcms/

Disable Vulnerable Method

all

Comment out or remove the delRestoreSerie method from the FoxCMS source code.

# Edit the relevant PHP file and comment out the delRestoreSerie method

🧯 If You Can't Patch

Implement strict access controls and authentication requirements for the vulnerable endpoint.
Deploy web application firewall (WAF) rules to block requests to the delRestoreSerie method.

🔍 How to Verify

Check if Vulnerable:

Check if FoxCMS version is 1.2.5 by examining the application files or configuration.

Check Version:

grep -r 'version' /path/to/foxcms/ | grep '1.2.5'

Verify Fix Applied:

Test if the delRestoreSerie method is no longer accessible or functional after applying workarounds.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to delRestoreSerie method
File deletion errors in web server logs

Network Indicators:

POST requests to vulnerable endpoint with file path parameters

SIEM Query:

source="web_logs" AND (uri="*delRestoreSerie*" OR method="POST" AND uri="*foxcms*")

📊 Metadata

CVE ID: CVE-2025-45238

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-22

EPSS Score: 0.64% exploit probability (70.1th percentile)

Published: May 5, 2025

Last Updated: June 12, 2025

🔗 References

https://gist.github.com/chao112122/27010786774f2bb584cc715fb027b95c Exploit,Third Party Advisory
https://gitee.com/qianfox/foxcms Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-45238, you might also want to check these: