CVE-2025-5029
📋 TL;DR
This critical path traversal vulnerability in Kingdee Cloud Galaxy Private Cloud BBC System allows attackers to delete arbitrary files by manipulating the filePath parameter of the fileUpload/deleteFileAction.jhtml endpoint. Affected systems include Kingdee Cloud Galaxy Private Cloud BBC System up to version 9.0 Patch April 2025. Remote attackers can exploit this to delete sensitive system files.
💻 Affected Systems
- Kingdee Cloud Galaxy Private Cloud BBC System
⚠️ Manual Verification Required
The CVE record gives only an upper bound ("up to 9.0 Patch April 2025") rather than a precise affected-version range, so automated detection cannot reliably determine whether your system is affected.
Why? The vendor/NVD entry does not provide machine-readable version ranges.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Deletion of critical application or system files (bounded by what the application's service account is permitted to delete), leading to service disruption, data loss, or privilege escalation.
Likely Case
Unauthorized deletion of application files causing service disruption, data loss, or configuration corruption.
If Mitigated
Limited impact with proper file permission controls and input validation in place.
🎯 Exploit Status
An exploit has been publicly disclosed; the vulnerability can be exploited remotely without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 9.0 Patch April 2025
Vendor Advisory: https://vip.kingdee.com/knowledge/708656434111770368
Restart Required: Yes
Instructions:
1. Access the Kingdee Cloud Galaxy Private Cloud BBC System admin console.
2. Navigate to System Updates.
3. Apply the latest patch from Kingdee.
4. Restart the application services.
🔧 Temporary Workarounds
Restrict File Upload Component Access
Linux: Block external access to the vulnerable fileUpload component using network controls.
iptables -A INPUT -p tcp --dport [APP_PORT] -m string --string "fileUpload/deleteFileAction.jhtml" --algo bm -j DROP
Caveat: the string match only sees plaintext HTTP (it cannot inspect TLS), matches one packet at a time, and is case-sensitive, so it is bypassed by encoding or case changes and it also blocks legitimate use of the endpoint. Where possible, restrict the path at a reverse proxy or limit the source addresses allowed to reach the application instead.
Implement WAF Rules
All platforms: Add path traversal detection rules to the web application firewall.
Add a rule that inspects the filePath parameter (query string and POST body) after URL decoding and blocks "../" and "..\" together with their encoded forms (%2e%2e%2f, %2e%2e%5c) and double-encoded forms (%252e%252e%252f).
🧯 If You Can't Patch
- Implement strict input validation to reject path traversal sequences in filePath parameter
- Apply principle of least privilege to file system permissions for the application user
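One way to implement the input-validation item above, written here as an added Python example rather than the product's own (Java) code: resolve the requested path against the upload directory and refuse anything that lands outside it. The vulnerable_delete function is a generic illustration of the bug class the advisory describes, not Kingdee's source; the base directory, file names and symlink are constructed for the demo.

```python
"""Added example (not Kingdee's code): a file-deletion handler that rejects
path traversal, shown next to the unsafe pattern the advisory describes.

The only assumption about the product is that a user-supplied filePath is
joined to a server-side directory before deletion; everything else here
(directory layout, file names, symlink) is constructed for the demo.
"""
import os
import tempfile


class PathTraversalError(ValueError):
    """Raised when the requested path would resolve outside the base directory."""


def vulnerable_delete(base_dir: str, file_path: str) -> None:
    """Unsafe pattern for contrast: join without normalising, so '../' climbs out
    of base_dir and an absolute file_path replaces it entirely. Do not deploy."""
    os.remove(os.path.join(base_dir, file_path))


def resolve_inside(base_dir: str, file_path: str) -> str:
    """Canonical absolute path of file_path under base_dir, or PathTraversalError.

    realpath() collapses '..' and follows symlinks, so a symlink planted inside
    base_dir that points elsewhere is rejected too. Decode URL escapes at the
    web layer before calling this: the filesystem sees '%2e' as literal text.
    """
    if not file_path or os.path.isabs(file_path) or "\0" in file_path:
        raise PathTraversalError(f"rejected filePath: {file_path!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, file_path))
    # commonpath compares whole components, so 'uploads2' is not mistaken for 'uploads'.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"rejected filePath: {file_path!r}")
    return candidate


def safe_delete(base_dir: str, file_path: str) -> str:
    """Delete a regular file inside base_dir and return its resolved path."""
    target = resolve_inside(base_dir, file_path)
    if not os.path.isfile(target):          # also refuses directories and sockets
        raise FileNotFoundError(target)
    os.remove(target)
    return target


def demo() -> dict:
    """Exercise both handlers in a throwaway tree and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.makedirs(base)
        report = os.path.join(base, "report.pdf")       # legitimate upload
        secret = os.path.join(root, "secret.conf")      # outside the upload dir
        bait = os.path.join(root, "bait.conf")          # outside the upload dir
        for path in (report, secret, bait):
            open(path, "w").close()
        os.symlink(secret, os.path.join(base, "link"))  # attacker-planted symlink

        vulnerable_delete(base, "../bait.conf")          # the bug: escapes base
        results["vulnerable_escaped"] = not os.path.exists(bait)

        results["legit"] = os.path.basename(safe_delete(base, "report.pdf"))
        for name, requested in (("dotdot", "../secret.conf"),
                                ("absolute", secret),
                                ("symlink", "link")):
            try:
                safe_delete(base, requested)
                results[name] = "deleted"
            except PathTraversalError:
                results[name] = "rejected"
        results["secret_survives"] = os.path.exists(secret)
    return results


if __name__ == "__main__":
    print(demo())
```

The check deliberately operates on the resolved path rather than on the string (rejecting "../" textually misses symlinks and encoded forms), and it refuses absolute paths up front because os.path.join discards the base directory when the second argument is absolute.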
🔍 How to Verify
Check if Vulnerable:
Send a request to fileUpload/deleteFileAction.jhtml whose filePath parameter uses ../ sequences to point at a disposable test file and check whether that file is deleted. Do this only in a non-production environment: a successful test destroys the target file.
Check Version:
Check application admin interface or consult Kingdee documentation for version information
Verify Fix Applied:
Verify that the installed patch is later than 9.0 Patch April 2025 and that path traversal attempts against the endpoint are rejected.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to fileUpload/deleteFileAction.jhtml with ../ patterns
- File deletion errors in application logs
Network Indicators:
- HTTP POST requests containing filePath parameter with traversal sequences
SIEM Query:
source="web_logs" AND uri="*deleteFileAction.jhtml*" AND (filePath="*../*" OR filePath="*..\\*" OR uri="*%2e%2e%2f*" OR uri="*%2e%2e%5c*" OR uri="*..%2f*" OR uri="*..%5c*")
Note: the filePath field must be extracted from the query string or from a reverse-proxy/WAF log; standard access logs do not record POST bodies, so body-carried parameters are invisible to this query.
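The indicators above as working detection logic, added here as an illustration rather than taken from the page or from Kingdee: the script parses combined-format web logs, decodes the query string (including double-encoded and backslash variants that a literal "../" match misses) and flags requests to the endpoint whose filePath carries a ".." component. The endpoint and parameter names come from the advisory; the log lines are constructed, and the combined log format is an assumption.

```python
"""Added example (not Kingdee's code): flag web-log entries that look like
attempts against fileUpload/deleteFileAction.jhtml with a traversing filePath.

Assumptions: Apache/nginx combined log format; the sample lines are
constructed. Access logs carry no POST body, so body parameters are only
visible if a reverse proxy or WAF logs them; pass that text as `body` to
suspicious_params().
"""
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

TARGET = "deletefileaction.jhtml"

# A ".." path component, with either separator, at any position in the value.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# Combined log format: client ident user [time] "METHOD URI PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines: the first three are attempts, the last two are benign.
SAMPLE_LOGS = [
    '203.0.113.10 - - [02/Jun/2025:10:14:03 +0000] "GET /fileUpload/deleteFileAction.jhtml?filePath=../../../etc/passwd HTTP/1.1" 200 12',
    '203.0.113.11 - - [02/Jun/2025:10:14:09 +0000] "GET /fileUpload/deleteFileAction.jhtml?filePath=%2e%2e%2f%2e%2e%2fconf%2fserver.xml HTTP/1.1" 200 12',
    '203.0.113.12 - - [02/Jun/2025:10:14:15 +0000] "GET /fileUpload/deleteFileAction.jhtml?filePath=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 12',
    '198.51.100.5 - - [02/Jun/2025:10:15:00 +0000] "GET /fileUpload/deleteFileAction.jhtml?filePath=uploads%2Freport.pdf HTTP/1.1" 200 12',
    '198.51.100.6 - - [02/Jun/2025:10:15:30 +0000] "GET /login.jhtml?next=..%2F..%2Fadmin HTTP/1.1" 302 0',
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode until stable so %252e%252e%252f (double-encoded) becomes ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True if the decoded value contains a '..' path component."""
    return bool(TRAVERSAL_RE.search(fully_decode(value)))


def suspicious_params(uri: str, body: Optional[str] = None) -> list:
    """Decoded filePath values carrying traversal, for the target endpoint only."""
    parts = urlsplit(uri)
    if TARGET not in fully_decode(parts.path).lower():
        return []
    # parse_qs removes one encoding layer; fully_decode handles any remaining ones.
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    hits = []
    for key, values in params.items():
        if key.lower() == "filepath":
            hits.extend(fully_decode(v) for v in values if has_traversal(v))
    return hits


def scan_log(lines) -> list:
    """Return (client_ip, method, offending_values) for each matching log line."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("uri"))
        if hits:
            alerts.append((m.group("ip"), m.group("method"), hits))
    return alerts


if __name__ == "__main__":
    for ip, method, values in scan_log(SAMPLE_LOGS):
        print(f"{ip} {method} filePath={values}")
```

Matching on a ".." path component after full decoding, rather than on the literal substring "../", is what catches the encoded and backslash forms; restricting the match to the deleteFileAction.jhtml path keeps unrelated traversal probes (the login.jhtml line) out of this particular alert.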