CVE-2025-60786
📋 TL;DR
A Zip Slip (archive path traversal) vulnerability in iceScrum v7.54 Pro On-prem lets an attacker write files to arbitrary locations on the server by uploading a specially crafted Zip file whose entry names contain path traversal sequences such as `../`. Writing into a location the application server executes from turns this into remote code execution. Organizations running the vulnerable version for project management are affected.
💻 Affected Systems
- iceScrum Pro On-prem v7.54 (fixed in v7.55)
📦 What is this software?
iceScrum, an agile (Scrum) project management tool by Kagilum.
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, lateral movement, and persistent backdoor installation.
Likely Case
Remote code execution allowing file system access, data exfiltration, and potential ransomware deployment.
If Mitigated
Limited impact if the project import upload is restricted to trusted accounts and monitored, though risk remains while the vulnerable component is reachable.
🎯 Exploit Status
Exploitation requires access to the project import upload functionality, which normally requires an authenticated account. The vulnerability is well-documented and a proof of concept is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v7.55 or later
Vendor Advisory: https://www.icescrum.com/download/
Restart Required: Yes
Instructions:
1. Download the latest version from the iceScrum website.
2. Back up your current installation.
3. Replace the installation with the patched version.
4. Restart the application server.
🔧 Temporary Workarounds
Disable Project Import Feature
Temporarily disable the vulnerable project import functionality.
Modify the application configuration to remove access to project import until the patch is applied.
Restrict File Uploads
Implement strict validation and monitoring of uploaded archives: reject any archive whose entry names contain `..` components, absolute paths, backslash separators or symlink entries before anything is extracted, and log every rejection.
Configure the web application firewall to block or alert on zip uploads to the import endpoint from unexpected sources.
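The check behind that workaround, shown here as an added example that is not iceScrum's or Kagilum's code: an in-memory archive with a traversal entry (constructed test data), the naive extraction pattern that Zip Slip exploits, and a hardened extractor that scans every entry name for traversal, absolute paths, backslash separators and symlinks before writing anything. The directory names under the temp root are assumptions for the demo.

```python
"""Zip Slip: naive extraction beside a hardened one (added example, not iceScrum code)."""
from __future__ import annotations

import io
import os
import stat
import tempfile
import zipfile


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip with attacker-chosen entry names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)  # the name is stored verbatim, '..' and all
    return buf.getvalue()


# Constructed sample archive: one benign entry and one traversal entry.
MALICIOUS_ZIP = build_zip({
    "project/readme.txt": b"benign entry\n",
    "../../dropped.jsp": b"<% /* attacker-controlled content */ %>",
})


def extract_naively(zip_bytes: bytes, dest: str) -> list[str]:
    """Vulnerable pattern that Zip Slip exploits: join dest and the entry name
    and write, trusting the archive. Returns the real paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)  # no containment check
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def find_unsafe_entries(zip_bytes: bytes, dest: str) -> list[str]:
    """Return entry names a naive extractor would write outside dest (traversal,
    absolute paths, backslash separators) or that are symlink entries."""
    root = os.path.realpath(dest)
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            is_symlink = stat.S_ISLNK(info.external_attr >> 16)
            target = os.path.realpath(os.path.join(root, name))
            escapes = os.path.commonpath([root, target]) != root
            if escapes or "\\" in name or name.startswith("/") or is_symlink:
                unsafe.append(name)
    return unsafe


def extract_safely(zip_bytes: bytes, dest: str) -> list[str]:
    """Hardened extraction: refuse the whole archive if any entry is unsafe, and
    re-check containment of every resolved target before writing it."""
    bad = find_unsafe_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"refusing archive with unsafe entries: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes destination: {info.filename}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors against the sample inside a throwaway tree, with dest
    two levels deep so the traversal entry still lands inside the temp root."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "uploads", "import")  # assumed layout for the demo
        os.makedirs(dest)
        root = os.path.realpath(dest)
        naive = extract_naively(MALICIOUS_ZIP, dest)
        escaped = [p for p in naive if os.path.commonpath([root, p]) != root]
        try:
            extract_safely(MALICIOUS_ZIP, dest)
            rejected = False
        except ValueError:
            rejected = True
        return {"escaped": [os.path.basename(p) for p in escaped], "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The scan resolves each joined path with `realpath` and compares it against the destination with `commonpath`, which catches `..` segments, absolute names (where `os.path.join` discards the destination entirely) and symlinked parents; the explicit checks on backslashes and symlink entries cover archives built for extractors that treat those differently. Rejecting the whole archive rather than skipping the bad entry is deliberate: a partially extracted import is not a state the application expects.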
🧯 If You Can't Patch
- Implement strict network segmentation to isolate iceScrum from critical systems.
- Enable detailed logging and monitoring of all file upload activities and server file system changes.
🔍 How to Verify
Check if Vulnerable:
Check whether the installation is iceScrum Pro On-prem version 7.54 and whether the project import feature is reachable by users.
Check Version:
Read the application version from the admin interface or from the application.properties file.
Verify Fix Applied:
Confirm that version 7.55 or later is installed, then exercise the import functionality with known-safe test files to confirm it still works.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to import endpoints
- File system writes outside expected directories
- Suspicious process execution following uploads
Network Indicators:
- HTTP POST requests carrying zip files to the project import endpoint (shown here as /import; confirm the actual path in your deployment)
- Unusual outbound connections from iceScrum server
SIEM Query (field names depend on your log source and will need adjusting):
source="icescrum" AND (uri_path="/import" OR file_extension=".zip")