CVE-2025-45242
📋 TL;DR
This vulnerability in Rhymix CMS allows authenticated administrators to delete arbitrary files on the server through the procFileAdminEditImage method. Attackers with admin access can delete critical system files, potentially causing service disruption or complete system compromise. All Rhymix installations using version 2.1.22 are affected.
💻 Affected Systems
- Rhymix CMS
📦 What is this software?
Rhymix by Rhymix
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files, leading to service disruption, data loss, or privilege escalation by removing security controls.
Likely Case
Service disruption through deletion of application files, configuration files, or user-uploaded content, potentially causing website downtime or data loss.
If Mitigated
Limited impact if proper access controls restrict admin privileges and file system permissions prevent deletion of critical files.
🎯 Exploit Status
Exploitation requires administrator credentials. The vulnerability is in a core administrative function, making exploitation straightforward once admin access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.23 or later
Vendor Advisory: https://github.com/rhymix/rhymix
Restart Required: No
Instructions:
1. Back up your Rhymix installation and database.
2. Download the latest version from https://github.com/rhymix/rhymix.
3. Replace the vulnerable files with patched versions.
4. Verify the fix by checking the version in the admin panel.
🔧 Temporary Workarounds
Restrict Admin Access
Platform: all
Limit administrator accounts to trusted users only and implement strong authentication controls.
File System Permissions
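Platform: linux
Set restrictive file permissions on critical system directories to prevent deletion even if exploited. Deleting a file requires write permission on its parent directory, so paths that remain owned by and writable to the web server account (www-data in the commands below) can still be deleted by the PHP process; only directories that account cannot write to are protected.
chmod 755 /path/to/rhymix
chown -R www-data:www-data /path/to/rhymix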
🧯 If You Can't Patch
- Implement strict access controls on administrator accounts and monitor admin activity logs
- Deploy file integrity monitoring to detect unauthorized file deletions
🔍 How to Verify
Check if Vulnerable:
Check the Rhymix version in the admin panel or by examining the /common/defaults.php file for version information.
Check Version:
grep -r "RX_VERSION" /path/to/rhymix/common/defaults.php
Verify Fix Applied:
Verify the version is 2.1.23 or later and test the procFileAdminEditImage functionality with safe test files.
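An added example (not from Rhymix or the original advisory) that automates the version check above: it reads RX_VERSION from a PHP file and compares it numerically with the 2.1.23 fix. The `define('RX_VERSION', ...)` line format and the function names are assumptions.

```sh
#!/bin/sh
# Added example: compare an installed Rhymix version with the fixed release.
FIXED_VERSION="2.1.23"   # "Patch Version" stated in this advisory

# Print the RX_VERSION value defined in PHP file $1 (empty if not found).
# Assumption: the constant is declared as  define('RX_VERSION', '2.1.22');
rx_version_from_file() {
    [ -r "$1" ] || return 1
    sed -n "s/.*RX_VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([0-9][0-9A-Za-z.+-]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Return 0 if dotted version $1 is lower than $2, comparing each component
# numerically (so 2.1.9 < 2.1.23, which a plain string comparison gets wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # ignore any non-numeric suffix
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print UNPATCHED, PATCHED or UNKNOWN for version file $1; exit status is 0
# only when the version is at or above the fixed release.
check_rhymix() {
    v=$(rx_version_from_file "$1") || v=""
    if [ -z "$v" ]; then
        echo "UNKNOWN: no RX_VERSION found in $1"; return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "UNPATCHED: $v is older than $FIXED_VERSION"; return 1
    fi
    echo "PATCHED: $v"
}

# Demo on a constructed file (not a real installation).
demo=$(mktemp)
printf "<?php\ndefine('RX_VERSION', '2.1.22');\n" > "$demo"
check_rhymix "$demo" || true
rm -f "$demo"
```

On a real host, call `check_rhymix` with the version file path used in the grep command above; the non-zero exit status for UNPATCHED and UNKNOWN lets it gate a deployment or monitoring check.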
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in application logs
- Multiple failed file operations followed by successful deletions
- Admin account activity from unusual IP addresses
Network Indicators:
- HTTP POST requests to /file/file.admin.controller.php with file deletion parameters
SIEM Query:
source="rhymix_logs" AND (event="file_deletion" OR method="procFileAdminEditImage") AND status="success"