CVE-2025-6774

6.3 MEDIUM

📋 TL;DR

This path traversal vulnerability in gooaclok819 sublinkX lets attackers access arbitrary files on the server by manipulating the filename parameter of the AddTemp function. Remote attackers can exploit it to read sensitive system files. All users running sublinkX versions up to 1.8 are affected.

💻 Affected Systems

Products:
  • gooaclok819 sublinkX
Versions: up to version 1.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the vulnerable AddTemp function in api/template.go are affected

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through reading sensitive configuration files, credentials, or deploying malicious payloads to arbitrary locations

🟠 Likely Case: Unauthorized access to sensitive application files, configuration data, or user information stored on the server

🟢 If Mitigated: Limited to application-level file access if proper file permissions and sandboxing are implemented

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9

Vendor Advisory: https://github.com/gooaclok819/sublinkX/releases/tag/1.9

Restart Required: Yes

Instructions:

1. Backup current configuration and data
2. Download version 1.9 from GitHub releases
3. Replace existing installation with patched version
4. Restart the sublinkX service

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to reject filename parameters containing path traversal sequences

// In api/template.go, add validation before AddTemp uses the filename.
// Example:
// if strings.Contains(filename, "..") || strings.Contains(filename, "/") {
//     return // reject the request with an error
// }
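
An added example (not sublinkX's own code and not the 1.9 patch) of one way to implement the filename check described above in Go. `SafeTemplatePath`, `ErrBadTemplateName` and the `./template` directory are assumed names; the check runs on the value after the HTTP framework has URL-decoded it.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrBadTemplateName is returned for anything that is not a plain file name.
var ErrBadTemplateName = errors.New("invalid template filename")

// SafeTemplatePath (hypothetical helper) maps a client-supplied filename to a
// path under baseDir, or rejects it.
func SafeTemplatePath(baseDir, filename string) (string, error) {
	// Reject empty and dot-only names, NUL bytes and both separator styles,
	// so "../x", "..\x", "/etc/passwd" and "sub/x" all fail here.
	if filename == "" || filename == "." || filename == ".." ||
		strings.ContainsAny(filename, "/\\\x00") {
		return "", ErrBadTemplateName
	}
	// A plain name must survive Base() unchanged.
	if filepath.Base(filename) != filename {
		return "", ErrBadTemplateName
	}
	absBase, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absBase, filename)
	// Defence in depth: the joined path must still resolve inside baseDir.
	rel, err := filepath.Rel(absBase, full)
	if err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadTemplateName
	}
	return full, nil
}

func main() {
	// Constructed sample inputs, not taken from any real request.
	names := []string{"clash.yaml", "../../etc/passwd", "..\\win.ini", "sub/t.yaml", ".."}
	for _, name := range names {
		p, err := SafeTemplatePath("./template", name)
		fmt.Printf("%-20q -> %q, %v\n", name, p, err)
	}
}
```

This check does not resolve symbolic links, so the template directory itself should not be writable by untrusted users.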

File Access Restriction

all

Configure file system permissions to restrict sublinkX to specific directories

# Linux: chroot or containerize sublinkX
# Windows: Use AppLocker or file system ACLs

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block path traversal patterns in requests
  • Isolate sublinkX instance in a restricted network segment with minimal file system access

🔍 How to Verify

Check if Vulnerable:

Check whether you are running sublinkX version 1.8 or earlier by examining version files or running the application with the --version flag

Check Version:

Check application configuration files or run: ./sublinkX --version

Verify Fix Applied:

Confirm version is 1.9 or later and test that path traversal attempts in filename parameter are properly rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns
  • Requests with ../ sequences in filename parameter
  • Access to files outside expected template directories

Network Indicators:

  • HTTP requests containing path traversal sequences (%2e%2e%2f, ..\, etc.) in parameters

SIEM Query:

source="sublinkX" AND (filename="*..*" OR uri="*%2e%2e%2f*")
