CVE-2025-57618
📋 TL;DR
A path traversal vulnerability in FastX3 allows unauthenticated attackers to read arbitrary server files, including configuration files containing JWT secret keys. Attackers can forge valid JWTs to impersonate the root user and achieve remote code execution. All FastX3 installations through version 3.3.67 are affected.
💻 Affected Systems
- FastX3
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution as root, leading to data theft, lateral movement, and persistent backdoors.
Likely Case
Unauthorized file access leading to JWT secret theft, authentication bypass, and privilege escalation to root.
If Mitigated
Limited to file disclosure if JWT signing is disabled or configuration files are properly secured.
🎯 Exploit Status
Path traversal to file read is straightforward. JWT forgery requires basic cryptographic knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.68 or later
Vendor Advisory: https://www.starnet.com/help/fastx3-3-server-release-notes/
Restart Required: Yes
Instructions:
1. Download FastX3 version 3.3.68 or later from the StarNet website.
2. Stop the FastX3 service.
3. Install the update.
4. Restart the FastX3 service.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the FastX3 server to trusted IPs only.
iptables -A INPUT -p tcp --dport [FASTX_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [FASTX_PORT] -j DROP
File Permission Hardening
Restrict read access to configuration files containing JWT secrets.
chmod 600 /path/to/fastx/config/*.conf
chown root:root /path/to/fastx/config/*.conf
🧯 If You Can't Patch
- Implement network segmentation to isolate FastX3 servers from critical systems.
- Monitor for unusual file access patterns and JWT usage anomalies.
🔍 How to Verify
Check if Vulnerable:
Check the installed FastX3 version: if it is 3.3.67 or earlier, the system is vulnerable.
Check Version:
fastx-server --version
Verify Fix Applied:
Confirm FastX3 version is 3.3.68 or later and test path traversal attempts return proper errors.
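A small version check, added here as an example and not part of the original advisory or of FastX3 itself. It extracts the first x.y.z version from the output of the version command and compares it numerically against 3.3.68, the first fixed release named above. The output format of `fastx-server --version` is an assumption (the code only relies on a dotted version number appearing somewhere in it); the numeric comparison matters because a plain string comparison would wrongly rank "3.10.0" below "3.3.68".

```python
import re
import subprocess

# First fixed release according to the advisory on this page.
FIXED_VERSION = (3, 3, 68)

# Matches the first dotted x.y.z version number in a string.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Return the first x.y.z version in `text` as a tuple of ints."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text: str) -> bool:
    """True when the reported version is below the first fixed release.

    Tuples of ints compare component-wise, so 3.10.0 is correctly
    treated as newer than 3.3.68 (a string compare would get this wrong).
    """
    return parse_version(version_text) < FIXED_VERSION


def check_installed(command=("fastx-server", "--version")):
    """Run the version command from the advisory and classify the result.

    Returns True (vulnerable), False (fixed) or None when the command
    is not present or does not finish. The exact output format of
    fastx-server --version is an assumption; only the version number is used.
    """
    try:
        proc = subprocess.run(command, capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    try:
        return is_vulnerable(proc.stdout + proc.stderr)
    except ValueError:
        return None


if __name__ == "__main__":
    state = check_installed()
    if state is None:
        print("fastx-server not found or version not parsable")
    else:
        print("VULNERABLE: update to 3.3.68 or later" if state else "fixed version installed")
```

Run it on each host that serves FastX3; a `None` result means the binary was not on `PATH` or printed no version, which should be investigated rather than treated as safe.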
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in FastX logs
- Multiple failed path traversal attempts
- JWT validation errors
Network Indicators:
- HTTP requests with ../ sequences in URLs
- Unusual authentication patterns
SIEM Query:
source="fastx.log" AND ("../" OR "..\\" OR "%2e%2e%2f")
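The SIEM query above catches literal `../`, `..\` and one URL-encoded form. The following is an added example (not from the advisory or from FastX3) that implements the same log indicators with a little more depth: it percent-decodes request paths repeatedly so single- and double-encoded sequences (`%2e%2e%2f`, `%252e%252e%252f`) are caught, folds backslashes into forward slashes, matches only a real `..` path segment (so a file named `notes..txt` is not a false positive), and counts attempts per source address to surface the "multiple attempts" indicator. The log format and the log lines are constructed for the example; real FastX3 logs may be laid out differently, so adjust `REQUEST_RE` to match them.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a common web-server layout.
# This is NOT real FastX3 output; the format is an assumption for the example.
# In this non-raw string, "\\" is a single backslash in the resulting text.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /api/files/app.js HTTP/1.1" 200
10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /api/files/../../etc/passwd HTTP/1.1" 200
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /api/files/%2e%2e%2f%2e%2e%2fconfig.json HTTP/1.1" 200
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /api/files/%252e%252e%252fconfig.json HTTP/1.1" 200
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /api/files/..\\..\\secrets.conf HTTP/1.1" 403
10.0.0.5 - - [01/Jan/2025:10:00:05 +0000] "GET /api/files/notes..txt HTTP/1.1" 200
"""

# client-ip, method, path and status from one log line (assumed layout).
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# A ".." that forms a whole path segment: preceded by start-of-path or a
# separator and followed by a separator or end-of-path.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def normalize_path(path: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) and fold backslashes to slashes.

    Repeated decoding is what catches double-encoded sequences such as
    %252e%252e%252f, which decode to %2e%2e%2f and then to ../ .
    """
    decoded = path
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True when the normalized path contains a '..' segment."""
    return TRAVERSAL_RE.search(normalize_path(path)) is not None


def scan_log(text: str) -> list:
    """Return one record per request whose path contains a traversal sequence."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # line does not match the assumed layout; skip it
        ip, method, path, status = m.groups()
        if is_traversal(path):
            hits.append({"ip": ip, "method": method, "path": path, "status": int(status)})
    return hits


def attempts_per_ip(hits: list) -> dict:
    """Count flagged requests per source address ('multiple attempts' indicator)."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        # A 2xx status on a traversal request is the stronger signal: the
        # server may have served the file rather than rejecting the request.
        print(f'{h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print("attempts per source:", attempts_per_ip(found))
```

When triaging the output, treat a traversal request answered with a 2xx status as a possible successful file read and look for the follow-on indicators listed above (JWT validation errors, unusual authentication patterns) from the same source address.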