CVE-2025-60449
📋 TL;DR
An information disclosure vulnerability in SeaCMS 13.1 allows authenticated administrators to scan and download files from the server's root directory via the admin_safe.php component. This affects SeaCMS 13.1 installations with administrator accounts. The vulnerability enables source code and potentially sensitive file exposure.
💻 Affected Systems
- SeaCMS
📦 What is this software?
Seacms by Seacms
⚠️ Risk & Real-World Impact
Worst Case
Administrator credentials are compromised, allowing attackers to download sensitive files including configuration files, database credentials, SSH keys, and other critical system files, leading to complete system compromise.
Likely Case
Malicious administrators or compromised admin accounts download application source code and configuration files, potentially exposing database credentials and other sensitive information.
If Mitigated
With proper access controls and monitoring, impact is limited to authorized administrators accessing files they should already have access to through normal administrative functions.
🎯 Exploit Status
Exploitation requires administrator credentials. The vulnerability allows directory traversal and file download via the affected component.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Monitor the SeaCMS vendor for an official patch.
2. Apply the patch when available.
3. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Remove vulnerable file
Linux: Delete or rename the vulnerable admin_safe.php file in the /btcoan/ directory
mv /path/to/seacms/btcoan/admin_safe.php /path/to/seacms/btcoan/admin_safe.php.bak
Restrict access to /btcoan/ directory
All platforms: Use the web server configuration to block access to the vulnerable directory
# Apache (2.2 syntax; on Apache 2.4 use "Require all denied" instead of "Deny from all"):
<Directory /path/to/seacms/btcoan>
    Deny from all
</Directory>
# Nginx:
location /btcoan/ { deny all; }
🧯 If You Can't Patch
- Implement strict access controls and monitoring for administrator accounts
- Regularly audit administrator activities and file access patterns
🔍 How to Verify
Check if Vulnerable:
Check whether admin_safe.php exists in the /btcoan/ directory and, with an administrator account, test whether the endpoint serves files when given a directory-traversal path parameter.
Check Version:
Check SeaCMS version in configuration files or admin panel
Verify Fix Applied:
Verify the vulnerable file is removed or access to /btcoan/ directory is blocked. Test that file download via the vulnerable endpoint is no longer possible.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from administrator accounts
- Multiple file download requests to admin_safe.php
Network Indicators:
- HTTP requests to /btcoan/admin_safe.php with file path parameters
SIEM Query:
source="web_access_logs" AND uri="/btcoan/admin_safe.php" AND (param="file" OR param="path")
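As an added example (not part of this advisory or of SeaCMS), the following Python script applies the log indicators above to web access-log lines: it flags requests to /btcoan/admin_safe.php that carry a file or path parameter, percent-decodes the value so encoded traversal sequences are not missed, and counts hits per source so bursts of downloads can be alerted on. The combined-log regex and the sample log lines are assumptions constructed for illustration.

```python
# Added example (not from the advisory): flag access-log hits on
# /btcoan/admin_safe.php that carry a "file" or "path" parameter and
# note any containing a traversal sequence. Log lines are constructed.
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/Nginx "combined" log format (assumed; adjust to your own format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TARGET = "/btcoan/admin_safe.php"
PARAMS = ("file", "path")

def inspect_line(line):
    """Return a dict describing a matching hit, or None if the line is benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if parts.path != TARGET:
        return None
    # parse_qs percent-decodes once; unquote again to catch double-encoded values.
    query = parse_qs(parts.query, keep_blank_values=True)
    values = [unquote(v) for p in PARAMS for v in query.get(p, [])]
    if not values:
        return None
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),
        "status": int(m.group("status")),
        "values": values,
        "traversal": any("../" in v or "..\\" in v for v in values),
    }

def summarize(lines):
    """All matching hits plus a per-(ip, user) count for burst alerting."""
    hits = [h for h in map(inspect_line, lines) if h]
    return hits, Counter((h["ip"], h["user"]) for h in hits)

SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.5 - admin [10/Oct/2025:10:00:01 +0000] "GET /btcoan/admin_safe.php?file=../../README.txt HTTP/1.1" 200 2048',
    '203.0.113.5 - admin [10/Oct/2025:10:00:02 +0000] "GET /btcoan/admin_safe.php?path=%252e%252e%252f HTTP/1.1" 200 512',
    '198.51.100.7 - editor [10/Oct/2025:10:01:00 +0000] "GET /index.php?id=3 HTTP/1.1" 200 9000',
    '203.0.113.5 - admin [10/Oct/2025:10:01:30 +0000] "GET /btcoan/admin_safe.php HTTP/1.1" 200 4096',
]
```

A request to the endpoint with no file or path parameter is deliberately not flagged, matching the SIEM query above; tighten or loosen PARAMS to match what your own logs show.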