CVE-2025-57403

7.5 HIGH

📋 TL;DR

Cola Dnslog v1.3.2 has a directory traversal vulnerability in TXT record processing that allows attackers to read arbitrary files on the server. This affects anyone running the vulnerable version of Cola Dnslog. Attackers can potentially access sensitive configuration files, credentials, or other system data.

💻 Affected Systems

Products:
  • Cola Dnslog
Versions: v1.3.2
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Cola Dnslog v1.3.2 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive files like SSH keys, database credentials, or configuration files containing secrets, potentially leading to lateral movement or data exfiltration.

🟠 Likely Case

Exposure of sensitive application files, configuration data, or system information that could be used for further attacks or reconnaissance.

🟢 If Mitigated

Limited to reading non-sensitive files if proper file permissions and access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires only a specially crafted DNS TXT query. A public proof of concept exists in the GitHub issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement proper input validation to reject directory traversal sequences in DNS queries.

Modify source code to validate and sanitize input before os.path.join operations
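
One way to implement this validation, as an added example that is not Cola Dnslog's own code. It assumes the TXT handler builds a file path from a query-derived name with os.path.join; `safe_join`, `UnsafePathError`, `check_names` and the `txt_records` directory are hypothetical names, and the file layout is constructed in a temp directory.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """The query-derived name would resolve outside the base directory."""


def safe_join(base_dir, untrusted_name):
    """Resolve untrusted_name under base_dir; raise UnsafePathError otherwise."""
    if not untrusted_name or "\x00" in untrusted_name:
        raise UnsafePathError("empty name or NUL byte")
    # Treat '\' as a separator on every OS so '..\' is caught on Linux too.
    parts = untrusted_name.replace("\\", "/").split("/")
    # os.path.join(base, "/etc/passwd") returns "/etc/passwd": an absolute
    # component silently discards the base, so reject it before joining.
    if parts[0] == "" or ":" in parts[0]:
        raise UnsafePathError("absolute path or drive prefix")
    if ".." in parts:
        raise UnsafePathError("parent-directory component")
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, *parts))
    # realpath follows symlinks; commonpath is the authoritative containment
    # check and also catches links inside base_dir that point elsewhere.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise UnsafePathError("resolves outside base directory")
    return candidate


def check_names(names):
    """Run safe_join over names in a constructed temp layout; True = accepted."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "txt_records")  # hypothetical record directory
        os.makedirs(base)
        open(os.path.join(base, "hello.txt"), "w").close()
        os.symlink(root, os.path.join(base, "link"))  # constructed link escaping base
        results = {}
        for name in names:
            try:
                safe_join(base, name)
                results[name] = True
            except UnsafePathError:
                results[name] = False
        return results


if __name__ == "__main__":
    samples = ["hello.txt", "../etc/passwd", "..\\etc\\passwd", "/etc/passwd", "link/x"]
    print(check_names(samples))
```

The string checks alone do not stop the symlink case; the resolved-path containment check is what rejects it.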

Web Application Firewall Rules

all

Configure WAF to block requests containing directory traversal patterns.

Add a WAF rule to block patterns such as '../', '..\', and absolute paths

🧯 If You Can't Patch

  • Restrict file system permissions to limit what files the application can access
  • Implement network segmentation to isolate the DNSlog server from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Test with a DNS TXT query containing directory traversal sequences (e.g., '../etc/passwd') and check if file contents are returned.

Check Version:

Check the application version in the interface or configuration files

Verify Fix Applied:

Retest with the same traversal attempts after implementing fixes; queries should return errors or sanitized responses.

📡 Detection & Monitoring

Log Indicators:

  • DNS queries with unusual patterns containing '../', '..\', or absolute paths
  • Multiple failed file access attempts from single source

Network Indicators:

  • DNS TXT queries with suspicious path-like strings
  • Unusual traffic patterns to DNSlog server

SIEM Query:

source="dnslog" AND (query="*../*" OR query="*..\\*")
