CVE-2025-67174

7.5 HIGH

📋 TL;DR

This CVE describes a local file inclusion vulnerability in RiteCMS v3.1.0 that allows attackers to read arbitrary files on the server through directory traversal in admin.php language file parameters. Attackers can access sensitive system files, configuration files, and potentially source code. This affects all RiteCMS v3.1.0 installations with the vulnerable admin.php component accessible.

💻 Affected Systems

Products:
  • RiteCMS
Versions: v3.1.0
Operating Systems: All operating systems running RiteCMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to admin.php component. The vulnerability is in the admin_language_file and default_page_language_file parameters.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers can read sensitive system files like /etc/passwd, /etc/shadow, database configuration files, and source code, potentially leading to full system compromise through credential theft or privilege escalation.

🟠 Likely Case

Attackers read configuration files containing database credentials, API keys, or other sensitive information, leading to data breaches or further system access.

🟢 If Mitigated

With proper file permissions and web server restrictions, attackers can only read non-sensitive files within the web directory, limiting impact to application files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the admin interface. The vulnerability is simple to exploit using directory traversal sequences like ../../../etc/passwd.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Review the vulnerable code in admin.php and settings.inc.tpl.
2. Implement input validation and path sanitization.
3. Consider upgrading to a newer version if available from the vendor.

🔧 Temporary Workarounds

Input Validation Patch

all

Add input validation to sanitize file paths and prevent directory traversal

Edit admin.php line 46 and settings.inc.tpl line 64 to validate file paths
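Use basename() to strip directory components from the supplied file name, or realpath() followed by a check that the resolved path is still inside the intended directory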

Access Restriction

all

Restrict access to admin.php to trusted IP addresses only

Add .htaccess rules:
  Order Deny,Allow
  Deny from all
  Allow from 192.168.1.0/24
Configure web server ACLs to limit admin access

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block directory traversal patterns
  • Restrict file system permissions to limit what the web server user can read

🔍 How to Verify

Check if Vulnerable:

Test if you can access admin.php with parameters like admin_language_file=../../../etc/passwd. Check if the file content is returned.

Check Version:

Check RiteCMS version in admin panel or look for version information in source files

Verify Fix Applied:

Attempt the same directory traversal attack after applying fixes. Verify that input validation prevents file path manipulation.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to admin.php with ../ sequences in parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP requests containing directory traversal patterns (../, ..\) to admin.php

SIEM Query:

source="web_access.log" AND uri="*admin.php*" AND (param="*../*" OR param="*..\\*")
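
The query above matches only literal ../ and ..\ sequences. The following added example (not part of the original advisory or of RiteCMS) scans access-log lines for the two affected parameters and percent-decodes each value repeatedly, so encoded traversal sequences are flagged as well. It assumes a combined-format access log in which the parameters appear in the query string; the log lines and file names in SAMPLE_LOG are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names taken from the advisory.
WATCHED = {"admin_language_file", "default_page_language_file"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by / or \ (or by the ends of the value).
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_params(target):
    """Return [(name, decoded_value)] for watched params carrying traversal."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("admin.php"):
        return []
    hits = []
    # parse_qsl already decodes once; fully_decode removes further layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if name in WATCHED and DOTDOT_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line that is flagged."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            results.append((number, hits))
    return results

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /admin.php?admin_language_file=english.admin.lang HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /admin.php?admin_language_file=../../../etc/passwd HTTP/1.1" 200 1833',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /admin.php?default_page_language_file=%252e%252e%252f%252e%252e%252fconfig.php HTTP/1.1" 200 412',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /admin.php?admin_language_file=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 92',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

If the parameters are submitted in a POST body, the access log will not contain them; the same suspicious_params() check can then be applied to logged request bodies or WAF audit records.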
