Login Sign Up

CVE-2025-4538

6.3 MEDIUM

📋 TL;DR

CVE-2025-4538 is a critical unrestricted file upload vulnerability in kkFileView 4.4.0 that allows remote attackers to upload arbitrary files to the /fileUpload endpoint. This affects all systems running the vulnerable version of kkFileView, potentially enabling server compromise.

💻 Affected Systems

Products:
  • kkFileView
Versions: 4.4.0
Operating Systems: All platforms running kkFileView
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of kkFileView 4.4.0.

📦 What is this software?

Kkfileview by Keking

View all CVEs affecting Kkfileview →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Webshell deployment allowing persistent access, file system manipulation, and potential privilege escalation.

🟢

If Mitigated

File upload attempts are blocked or quarantined, preventing successful exploitation.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, making weaponization likely. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor was contacted but did not respond. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Web Application Firewall Rules

all

Implement WAF rules to block malicious file uploads to /fileUpload endpoint

File Upload Restrictions

linux

Configure web server to restrict file types and sizes for uploads

# Example nginx restriction
location /fileUpload {
    client_max_body_size 1M;
    deny all;
}

🧯 If You Can't Patch

  • Disable or block access to the /fileUpload endpoint entirely
  • Implement strict file type validation and scanning for all uploads

🔍 How to Verify

Check if Vulnerable:

Check if kkFileView version is 4.4.0 and /fileUpload endpoint is accessible

Check Version:

Check application configuration or deployment files for version information

Verify Fix Applied:

Test file upload functionality with restricted file types and verify uploads are properly validated

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /fileUpload
  • Uploads of executable file types
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to /fileUpload with suspicious file extensions
  • Unusual outbound connections after uploads

SIEM Query:

source="web_logs" AND uri="/fileUpload" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")

📊 Metadata

CVE ID: CVE-2025-4538
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284
EPSS Score: 0.1% exploit probability (27.2th percentile)
Published: May 11, 2025
Last Updated: June 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-4538, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)