CVE-2025-67004

6.5 MEDIUM

📋 TL;DR

This CVE describes a potential directory traversal vulnerability in CouchCMS 2.4 that could allow authenticated admin users to read arbitrary files on the server. The vulnerability is disputed, with some community members suggesting it's actually a web server configuration issue rather than a CMS vulnerability. Organizations running CouchCMS 2.4 with admin user accounts are potentially affected.

💻 Affected Systems

Products:
  • CouchCMS
Versions: 2.4
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Vulnerability is disputed - may require specific web server misconfiguration to be exploitable. Requires admin user access.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Admin user could read sensitive files including configuration files, source code, database credentials, and other confidential information, potentially leading to complete system compromise.

🟠

Likely Case

Admin user could read application source code and configuration files, potentially exposing sensitive information but requiring existing admin access.

🟢

If Mitigated

With proper access controls and web server configuration, the impact would be minimal as admin users already have significant system access.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials. The vulnerability is disputed, with community members suggesting it is a web server configuration issue rather than a CMS vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available because the vulnerability is disputed. Review the web server configuration and implement the workarounds below.

🔧 Temporary Workarounds

Web Server Directory Restriction

all

Configure web server to restrict directory traversal attempts

# Apache: Ensure AllowOverride All is not set for sensitive directories
# Nginx: Add location blocks to restrict file access

Admin Access Restriction

all

Implement strict access controls for admin accounts

# Implement IP whitelisting for admin panel
# Enable MFA for admin accounts
# Regular password rotation

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CouchCMS instances
  • Enable detailed logging and monitoring for file access attempts from admin accounts

🔍 How to Verify

Check if Vulnerable:

Test whether an admin user can access files outside the web root using directory traversal sequences (e.g., ../../etc/passwd)

Check Version:

Check CouchCMS version in admin panel or via /couch/version.php

Verify Fix Applied:

Verify that the web server configuration blocks directory traversal, then re-test with the same traversal sequences

📡 Detection & Monitoring

Log Indicators:

  • Multiple ../ sequences in URL requests
  • Access attempts to sensitive files from admin accounts
  • Unusual file access patterns

Network Indicators:

  • HTTP requests containing directory traversal sequences
  • Admin panel access from unusual locations

SIEM Query:

web.url:*..%2F* AND (user.role:admin OR auth.method:admin)
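The SIEM query above only matches the single encoding `..%2F`. The following Python scanner is an added example (not part of this CVE record or of CouchCMS) that implements the same log indicators over a JSON-lines access log: it decodes percent-encoding repeatedly so that raw `../`, `..%2F` and double-encoded `%252e%252e%252f` all surface as a traversal segment, ignores look-alikes such as `styles..css`, and raises the severity when the request came from an admin-role account and succeeded. The log schema (`url`, `user`, `role`, `status`, `src_ip`) and the sample lines are constructed for the example; adapt the field names to your own log source.

```python
"""Flag path-traversal attempts in web access logs, prioritising admin accounts.

Added example for this CVE summary; the log schema and sample events below are
constructed and are not real CouchCMS traffic.
"""
import json
import re
from urllib.parse import unquote

# Constructed JSON-lines access log (not real traffic).
SAMPLE_LOG = """
{"ts":"2025-01-10T10:00:01Z","src_ip":"10.0.0.5","user":"editor1","role":"admin","url":"/couch/index.php?file=../../../../etc/passwd","status":200}
{"ts":"2025-01-10T10:00:02Z","src_ip":"10.0.0.5","user":"editor1","role":"admin","url":"/couch/index.php?file=..%2F..%2F..%2Fetc%2Fpasswd","status":200}
{"ts":"2025-01-10T10:00:03Z","src_ip":"203.0.113.9","user":"-","role":"-","url":"/couch/index.php?file=%252e%252e%252fconfig.php","status":403}
{"ts":"2025-01-10T10:00:04Z","src_ip":"10.0.0.7","user":"author2","role":"author","url":"/couch/page.php?id=42","status":200}
{"ts":"2025-01-10T10:00:05Z","src_ip":"10.0.0.5","user":"editor1","role":"admin","url":"/couch/theme/styles..css","status":200}
"""

# A ".." that forms a whole path segment: preceded by start of string, "/",
# "=", "&" or "?", and followed by "/", end of string, "&" or "?".
# "styles..css" does not match because ".." sits inside a filename.
TRAVERSAL_RE = re.compile(r"(?:^|[/=&?])\.\.(?:/|$|[&?])")


def normalize_url(url, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), then fold
    backslashes to slashes, so single and double encodings look alike."""
    current = url
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace("\\", "/")


def has_traversal(url):
    """True when the normalised URL contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(normalize_url(url)))


def scan_log(text, admin_roles=("admin",)):
    """Return findings for every event whose URL carries a traversal segment.

    Severity is 'high' when an admin-role account made the request and the
    server answered 200 (the page's worst-case scenario), else 'medium'.
    """
    findings = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        if not has_traversal(event["url"]):
            continue
        is_admin = event.get("role") in admin_roles
        severity = "high" if is_admin and event.get("status") == 200 else "medium"
        findings.append({
            "severity": severity,
            "user": event["user"],
            "src_ip": event["src_ip"],
            "url": event["url"],
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"[{finding['severity'].upper()}] {finding['user']}@{finding['src_ip']} {finding['url']}")
```

Running the block on the constructed log reports two high-severity findings (the admin account's raw and single-encoded requests that returned 200) and one medium-severity finding (the double-encoded request from an unauthenticated source that was refused). Decoding is bounded to a few rounds so that a pathological input cannot loop, and the regex is applied only after decoding, which is the step the one-pattern SIEM query above lacks.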
