CVE-2025-63371

7.5 HIGH

📋 TL;DR

OneCommander 3.102.0.0 contains a directory traversal vulnerability in its ZIP file processing component that allows attackers to write files outside the intended extraction directory. This affects users who extract malicious ZIP archives with the vulnerable software. Attackers could potentially overwrite system files or plant malicious executables.

💻 Affected Systems

Products:
  • Milos Paripovic OneCommander
Versions: 3.102.0.0 (specific version mentioned; earlier versions may also be affected)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default installation when processing ZIP files through the affected component.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via overwriting critical system files or planting persistent malware with elevated privileges.

🟠 Likely Case: Local file system corruption, data loss, or installation of user-level malware through crafted ZIP archives.

🟢 If Mitigated: Limited impact if the software runs with minimal privileges and file system permissions restrict write access to sensitive locations.

🌐 Internet-Facing: LOW - This is a local file processing vulnerability requiring user interaction to extract malicious archives.
🏢 Internal Only: MEDIUM - Users within an organization could be targeted with malicious ZIP files via email or network shares.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the user to open a malicious ZIP file. No authentication bypass is needed, because the user already has file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: https://www.onecommander.com/

Restart Required: No

Instructions:

1. Check the vendor website for security updates.
2. If a patch is available, download and install the updated version.
3. Verify the version number after installation.

🔧 Temporary Workarounds

Disable ZIP extraction in OneCommander (Windows): Configure OneCommander not to handle ZIP files, or use alternative ZIP extraction software.

Run with restricted privileges (Windows): Run OneCommander with standard user privileges (not administrator) to limit file system damage.

🧯 If You Can't Patch

  • Educate users to avoid opening ZIP files from untrusted sources with OneCommander
  • Implement application whitelisting to prevent execution of unauthorized files that could be planted via this vulnerability

🔍 How to Verify

Check if Vulnerable:

Check the OneCommander version in Help > About. If the version is 3.102.0.0 (or potentially earlier), the system is vulnerable.

Check Version:

Check via OneCommander GUI: Help > About

Verify Fix Applied:

After updating, verify that the version number is higher than 3.102.0.0 and test with a known-safe ZIP extraction.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside expected extraction directories
  • OneCommander process accessing system directories

Network Indicators:

  • No direct network indicators as this is local file processing

SIEM Query:

Process:OneCommander.exe AND (FileWrite:*\..\* OR FileWrite:*\windows\* OR FileWrite:*\program files\*)
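As an added example (not from this advisory and not OneCommander's own code), a Python pre-extraction check for the class of bug described above: it flags archive entries whose names would resolve outside the destination directory, and shows the resolved-path comparison a hardened extractor applies before each write. The archive and its entry names are constructed samples.

```python
import io
import os
import posixpath
import zipfile
from typing import List, Tuple

def is_traversal_name(name: str) -> bool:
    """True if a ZIP entry name would resolve outside the extraction directory."""
    # Treat '\' as a separator too: the spec mandates '/', but Windows tools often store '\'.
    norm = name.replace("\\", "/")
    # Absolute paths ("/x", "//server/share", "C:/x") escape the destination outright.
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return True
    # Collapse "." and ".." segments; anything still climbing above the root is unsafe.
    collapsed = posixpath.normpath(norm)
    return collapsed == ".." or collapsed.startswith("../")

def find_traversal_entries(zip_data: bytes) -> List[str]:
    """Names of the entries in an in-memory archive that fail the check above."""
    with zipfile.ZipFile(io.BytesIO(zip_data)) as zf:
        return [i.filename for i in zf.infolist() if is_traversal_name(i.filename)]

def safe_extract(zip_data: bytes, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Extract only entries whose resolved path stays inside dest_dir.
    Returns (written_paths, rejected_names); the realpath comparison is the
    check a ZIP handler should make before every write."""
    root = os.path.realpath(dest_dir)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_data)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename.replace("\\", "/")))
            if is_traversal_name(info.filename) or os.path.commonpath([root, target]) != root:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written, rejected

def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry and three that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("..\\..\\planted.txt", "constructed")             # Windows-style climb
        zf.writestr("docs/../../planted2.txt", "constructed")         # climb hidden mid-path
        zf.writestr("C:\\Users\\Public\\planted3.txt", "constructed")  # absolute path
    return buf.getvalue()
```

Windows normalizes `..` before a file is created, so file-write telemetry usually records the resolved destination rather than a path containing `..`, and the first clause of the query above rarely fires; screening archives before extraction catches what that log search would miss.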
