CVE-2025-67488

7.8 HIGH

📋 TL;DR

This ZipSlip vulnerability in SiYuan personal knowledge management software allows authenticated users to overwrite arbitrary files on the system through the import functionality. Attackers can achieve full remote code execution by overwriting critical system files. All users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • SiYuan personal knowledge management software
Versions: Up to and including 0.0.0-20251202123337-6ef83b42c7ce
Operating Systems: All operating systems where SiYuan runs
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the import functionality in notes.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through remote code execution, data destruction, or complete system takeover by overwriting critical files like binaries or configuration files.

🟠 Likely Case

Unauthorized file modification leading to data loss, privilege escalation, or service disruption by overwriting application files.

🟢 If Mitigated

Limited impact if proper file permissions restrict write access to sensitive directories, though authenticated users could still damage their own data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is in the importZipMd function which doesn't properly validate zip file paths.
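
The path check that a zip import needs before it writes anything, as an added example in Go (the language SiYuan's kernel is written in). This is not SiYuan's code or its fix: `safeJoin`, `auditEntries`, `sampleEntries` and the `/data/import` directory are hypothetical names, and the entries are constructed headers rather than a real archive. It goes slightly beyond the path validation described above by also refusing symlink entries.

```go
package main

import (
	"archive/zip"
	"fmt"
	"io/fs"
	"path/filepath"
	"strings"
)

// safeJoin maps a zip entry name under destDir, or fails if it would escape.
func safeJoin(destDir, entryName string) (string, error) {
	name := strings.ReplaceAll(entryName, `\`, "/") // Windows-built archives
	base := filepath.Clean(destDir)
	// Compare with Rel, not HasPrefix: /data/import-x is not inside /data/import.
	rel, err := filepath.Rel(base, filepath.Join(base, filepath.FromSlash(name)))
	if name == "" || strings.HasPrefix(name, "/") || err != nil ||
		rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q: empty, absolute, or outside %s", entryName, base)
	}
	return filepath.Join(base, rel), nil
}

// auditEntries lists every entry that must be refused before extraction.
func auditEntries(files []*zip.File, destDir string) (findings []string) {
	for _, f := range files {
		if _, err := safeJoin(destDir, f.Name); err != nil {
			findings = append(findings, err.Error())
		} else if f.Mode()&fs.ModeSymlink != 0 {
			findings = append(findings, fmt.Sprintf("entry %q: symlink", f.Name))
		}
	}
	return findings
}

// sampleEntries builds constructed headers (no real archive) for the demo.
func sampleEntries() []*zip.File {
	link := zip.FileHeader{Name: "notes/link"}
	link.SetMode(fs.ModeSymlink | 0o777)
	return []*zip.File{
		{FileHeader: zip.FileHeader{Name: "notes/a.md"}},
		{FileHeader: zip.FileHeader{Name: "notes/../../outside.md"}},
		{FileHeader: link},
	}
}

func main() {
	fmt.Println(strings.Join(auditEntries(sampleEntries(), "/data/import"), "\n"))
}
```

An importer would call `auditEntries` on `zip.Reader.File` and abort the whole import if it returns any finding, rather than skipping only the flagged entries.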

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.0 (planned)

Vendor Advisory: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gqfv-g4v7-m366

Restart Required: Yes

Instructions:

1. Monitor for release of version 3.5.0.
2. Back up your SiYuan data.
3. Update to version 3.5.0 when available.
4. Restart the SiYuan service.

🔧 Temporary Workarounds

Disable import functionality

all

Temporarily disable the import functionality that uses the vulnerable importZipMd function

# Modify SiYuan configuration to disable zip import functionality
# Check documentation for specific configuration options

Restrict user access

all

Limit which users have access to the import functionality

# Configure user permissions to restrict import capabilities
# Use SiYuan's access control features if available

🧯 If You Can't Patch

  • Implement strict file system permissions to limit SiYuan's write access to only necessary directories
  • Monitor for suspicious file write operations in SiYuan's data directory and system logs

🔍 How to Verify

Check if Vulnerable:

Check your SiYuan version against the affected version range. If running version 0.0.0-20251202123337-6ef83b42c7ce or earlier, you are vulnerable.

Check Version:

# Check SiYuan version in the application interface or configuration files

Verify Fix Applied:

After updating to version 3.5.0 or later, verify the importZipMd function properly validates zip file paths and prevents directory traversal.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside SiYuan's expected directories
  • Multiple failed import attempts with zip files
  • Authentication logs showing users accessing import functionality

Network Indicators:

  • HTTP POST requests to import endpoints with zip file uploads

SIEM Query:

source="siyuan.logs" AND ((event="file_write" AND path NOT CONTAINS "/expected/siyuan/dir/") OR (event="import_zip" AND result="success"))
