CVE-2025-63365 – SoftSea EPUB File Reader 1.0.0.0 contains a dir... (How to Fix)

Q: What is the severity of CVE-2025-63365?

CVE-2025-63365 has a CVSS score of 7.1 (HIGH). SoftSea EPUB File Reader 1.0.0.0 contains a directory traversal vulnerability in its EPUB file processing component. Attackers can craft malicious EPUB files to read or write files outside the intended extraction directory. Users who open untrusted EPUB files with this software are affected.

📋 TL;DR

SoftSea EPUB File Reader 1.0.0.0 contains a directory traversal vulnerability in its EPUB file processing component. Attackers can craft malicious EPUB files to read or write files outside the intended extraction directory. Users who open untrusted EPUB files with this software are affected.

💻 Affected Systems

Products:

SoftSea EPUB File Reader

Versions: 1.0.0.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default installation when processing EPUB files.

📦 What is this software?

Epub File Reader by Epubfilereader

View all CVEs affecting Epub File Reader →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via arbitrary file write leading to remote code execution, or sensitive file disclosure including credentials and configuration files.

🟠

Likely Case

Local file disclosure or corruption of system files, potentially leading to privilege escalation or data loss.

🟢

If Mitigated

Limited impact with proper file access controls and user permissions restricting write access to critical directories.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but could be delivered via email or web downloads.

🏢 Internal Only: LOW - Primarily affects individual workstations rather than network services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires user to open a malicious EPUB file. No authentication bypass needed beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://epub.com

Restart Required: No

Instructions:

1. Check vendor website for updates. 2. If patch available, download and install. 3. Verify installation by checking version number.

🔧 Temporary Workarounds

Restrict EPUB file handling

windows

Configure system to open EPUB files with alternative, secure software instead of SoftSea EPUB File Reader.

User awareness training

all

Educate users to only open EPUB files from trusted sources and verify file integrity.

🧯 If You Can't Patch

Uninstall SoftSea EPUB File Reader and use alternative EPUB reader software
Implement application whitelisting to prevent execution of vulnerable software

🔍 How to Verify

Check if Vulnerable:

Check installed software for SoftSea EPUB File Reader version 1.0.0.0 via Control Panel > Programs and Features

Check Version:

wmic product where name="SoftSea EPUB File Reader" get version

Verify Fix Applied:

Verify software version is no longer 1.0.0.0 after applying vendor patch

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns from EPUB reader process
Access to system directories by user-level applications

Network Indicators:

Downloads of EPUB files from untrusted sources

SIEM Query:

Process creation where Image contains "epub" AND CommandLine contains path traversal patterns (../ or ..\)

📊 Metadata

CVE ID: CVE-2025-63365

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE: CWE-22

EPSS Score: 0.22% exploit probability (43.9th percentile)

Published: December 1, 2025

Last Updated: December 23, 2025

🔗 References

http://epub.com Broken Link
https://jeroscope.com/advisories/2025/jero-2025-001/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63365, you might also want to check these: