CVE-2025-48382
📋 TL;DR
This vulnerability in Fess Enterprise Search Server allows unauthorized local users to access sensitive temporary files due to insufficient file permissions. It primarily affects shared or multi-user deployment environments where local access isn't restricted. Single-user or isolated deployments have minimal practical impact.
💻 Affected Systems
- Fess Enterprise Search Server
📦 What is this software?
Fess by Codelibs
⚠️ Risk & Real-World Impact
Worst Case
Local attackers could read sensitive configuration data, credentials, or indexed content from temporary files, potentially leading to further system compromise.
Likely Case
In shared environments, unauthorized local users could access temporary files containing search index data or configuration information.
If Mitigated
With proper access controls and isolation, only authorized users can reach temporary files, and each only their own, so the impact is limited.
🎯 Exploit Status
Exploitation requires local access to the server where Fess is running. No authentication bypass needed for local file access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 14.19.2
Vendor Advisory: https://github.com/codelibs/fess/security/advisories/GHSA-g88v-2j67-9rmx
Restart Required: Yes
Instructions:
1. Download Fess version 14.19.2 or later from official sources.
2. Stop the Fess service.
3. Backup configuration and data.
4. Replace with patched version.
5. Restart Fess service.
🔧 Temporary Workarounds
Restrict local access
On Linux, limit local file system access to trusted users only on the server running Fess:
# Set appropriate file permissions for Fess directories
chmod 750 /path/to/fess/directories
# Ensure only necessary users have access
chown fessuser:fessgroup /path/to/fess/directories
🧯 If You Can't Patch
- Implement strict access controls to limit local users who can access the Fess server filesystem.
- Deploy Fess in isolated environments (containers/VMs) with no shared local user access.
🔍 How to Verify
Check if Vulnerable:
Check the Fess version: if it is earlier than 14.19.2, the system is vulnerable. Also check whether multiple local users have access to Fess temporary directories.
Check Version:
Check Fess version in admin interface or run: java -jar fess.jar --version
Verify Fix Applied:
Verify Fess version is 14.19.2 or later and check that temporary file permissions are properly restricted.
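An added shell helper, not part of this advisory or of Fess, that performs the permission check described here and in the workaround above: it lists files under a Fess temporary directory that are readable by other local users and removes that access. The /path/to/fess/tmp placeholder and the sample tree it builds under mktemp are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a Fess temporary directory for files readable by
# "other" local users, the condition behind CVE-2025-48382, and tighten them.
# /path/to/fess/tmp below is a placeholder; substitute the real directory.

# Print every path under $1 whose mode grants read access to "other".
# Returns 1 when at least one permissive path exists, 0 when the tree is
# clean, 2 when $1 is not a directory.
audit_perms() {
    audit_dir="$1"
    [ -d "$audit_dir" ] || { echo "not a directory: $audit_dir" >&2; return 2; }
    # -perm -o+r is POSIX find syntax: match entries with the other-read bit set.
    permissive=$(find "$audit_dir" -perm -o+r -print | sort)
    [ -z "$permissive" ] && return 0
    printf '%s\n' "$permissive"
    return 1
}

# Remove all access for "other" on the tree, matching the advisory's
# owner/group-only (750-style) model in which the service group stays trusted.
fix_perms() {
    chmod -R o-rwx "$1"
}

# Build a constructed sample tree (not real Fess data) with one private and
# one world-readable temp file, and print its root.
make_sample() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/tmp"
    chmod 750 "$sample_root/tmp"
    : > "$sample_root/tmp/private.tmp"
    chmod 640 "$sample_root/tmp/private.tmp"
    : > "$sample_root/tmp/leaky.tmp"
    chmod 644 "$sample_root/tmp/leaky.tmp"
    printf '%s\n' "$sample_root"
}

# Demonstration against the constructed tree; on a real server run
#   audit_perms /path/to/fess/tmp
demo_root=$(make_sample)
audit_perms "$demo_root/tmp" || echo "world-readable files found; tightening"
fix_perms "$demo_root/tmp"
audit_perms "$demo_root/tmp" && echo "clean after fix"
rm -rf "$demo_root"
```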
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to temporary directories
- Multiple user accounts accessing Fess temporary files
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
Search for file access events to Fess temporary directories by unauthorized users or outside normal service accounts.