CVE-2025-45890
📋 TL;DR
A directory traversal vulnerability in novel plus allows remote attackers to read, write, or execute arbitrary files on the server by manipulating the filePath parameter. This affects all novel plus installations before version 5.1.0, potentially leading to complete system compromise.
💻 Affected Systems
- novel plus
📦 What is this software?
Novel Plus by Xxyopen
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full system compromise, data exfiltration, ransomware deployment, or creation of persistent backdoors.
Likely Case
Arbitrary file read/write allowing sensitive data exposure, configuration file modification, or web shell upload for subsequent RCE.
If Mitigated
Limited file access within web root directory if proper input validation and path restrictions are implemented.
🎯 Exploit Status
Directory traversal vulnerabilities are typically easy to exploit with simple path manipulation techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.1.0
Vendor Advisory: https://github.com/SecureCore1/CVE/blob/main/novel-plus/readme.md
Restart Required: Yes
Instructions:
1. Backup current installation and data.
2. Download novel plus version 5.1.0 or later from official source.
3. Replace existing files with patched version.
4. Restart the novel plus service or web server.
🔧 Temporary Workarounds
Input Validation Filter
Implement strict input validation to block directory traversal sequences in the filePath parameter (all platforms)
# Example for web server config or application filter
# Block sequences containing ../, ..\, or absolute paths
Web Application Firewall Rule
Deploy WAF rules to detect and block directory traversal attempts (all platforms)
# Example ModSecurity rule:
# SecRule ARGS:filePath "@contains ../" "id:1001,phase:2,deny,msg:'Directory Traversal Attempt'"
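# Example nginx rule (a location block matches only the normalized URI path, never query arguments, so test the query string):
# if ($args ~* "filePath=[^&]*(\.\.|%2e%2e)") { return 403; }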
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to novel plus instances
- Deploy runtime application self-protection (RASP) or web application firewall with directory traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Test if filePath parameter accepts directory traversal sequences like ../../../etc/passwd or similar path manipulations
Check Version:
Check novel plus version in admin panel or configuration files, or run: grep -r 'version' /path/to/novel-plus/ | grep -i '5\|version'
Verify Fix Applied:
After patching, attempt directory traversal attacks and verify they are blocked or sanitized
📡 Detection & Monitoring
Log Indicators:
- HTTP requests with filePath parameter containing ../, ..\, or absolute paths
- Unusual file access patterns outside web root directory
- Failed file access attempts with traversal sequences
Network Indicators:
- HTTP requests with encoded traversal sequences (%2e%2e%2f, ..%5c)
- Multiple rapid requests attempting different path manipulations
SIEM Query:
source="web_logs" AND (filePath="*../*" OR filePath="*..\\*" OR filePath="*/etc/*" OR filePath="*C:\\*" OR filePath="*/windows/*")
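
The log indicators above, as an added example (not part of the original advisory or of the novel plus project): a Python scanner that percent-decodes the filePath parameter before matching, so the encoded forms listed under Network Indicators are caught while a name such as vol1../cover.jpg, which a plain substring match on ../ would flag, is not. The log lines, the /api/file endpoint and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (not real traffic); /api/file is a hypothetical endpoint.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /api/file?filePath=covers/12.jpg HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2025:10:00:01 +0000] "GET /api/file?filePath=../../../etc/passwd HTTP/1.1" 200 311',
    '198.51.100.9 - - [01/Jan/2025:10:00:02 +0000] "GET /api/file?filePath=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 311',
    '198.51.100.9 - - [01/Jan/2025:10:00:03 +0000] "GET /api/file?filePath=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jan/2025:10:00:04 +0000] "GET /api/file?filePath=C:%5cWindows%5cwin.ini HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Jan/2025:10:00:05 +0000] "GET /api/file?filePath=vol1../cover.jpg HTTP/1.1" 200 900',
])

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalise(value, max_rounds=3):
    """Percent-decode until stable (bounded) and unify separators to '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def traversal_reason(value):
    """Return why a filePath value is suspicious, or None if it looks contained."""
    path = normalise(value)
    if ".." in path.split("/"):          # whole segment equal to '..'
        return "dot-dot segment"
    if path.startswith("/") or re.match(r"[A-Za-z]:/", path):
        return "absolute path"
    return None

def scan(log_text, param="filePath"):
    """Return a list of (client, decoded value, reason) for flagged request lines."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name == param and (reason := traversal_reason(value)):
                hits.append((client, value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

It reads only the query string of each request line; a filePath sent in a POST body does not appear in a standard access log and needs application or WAF logging instead.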