CVE-2025-7108
📋 TL;DR
This critical path traversal vulnerability in risesoft-y9 Digital-Infrastructure allows attackers to delete arbitrary files on the server by manipulating the fullPath parameter in the deleteFile function. Remote attackers can exploit this to delete system files, configuration files, or application data. All users of risesoft-y9 Digital-Infrastructure up to version 9.6.7 are affected.
💻 Affected Systems
- risesoft-y9 Digital-Infrastructure
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical system files, leading to service disruption, data loss, or enabling further attacks by removing security controls.
Likely Case
Application data deletion causing service disruption, loss of business data, or deletion of configuration files leading to application failure.
If Mitigated
Limited impact to non-critical files if proper file permissions and access controls are implemented.
🎯 Exploit Status
Proof of concept available on GitHub. Remote exploitation requires network access to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: Yes
Instructions:
1. Monitor vendor for patch release
2. Upgrade to version after 9.6.7 when available
3. Restart application after patching
🔧 Temporary Workarounds
Input Validation Filter
Implement input validation to reject path traversal sequences
Implement validation in Y9FileController.java to sanitize fullPath parameter
Access Control Restriction
Restrict network access to the vulnerable endpoint
Configure firewall rules to limit access to /y9-module-filemanager endpoints
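One way to implement the fullPath check that the input validation workaround describes, written here as an added Java example rather than code from the risesoft-y9 project; the class name, method names and the base directory are assumptions. Beyond rejecting "../" sequences, it canonicalises the path and confines it to a base directory, which also covers absolute paths and symlinks.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example, not project code: confine a user-supplied fullPath to one base
// directory before deleting it. Class, method and base-directory names are assumed.
public class SafeFileDelete {
    private final Path baseDir;

    public SafeFileDelete(Path baseDir) throws IOException {
        this.baseDir = baseDir.toRealPath(); // canonical form for every later comparison
    }
    // Returns the canonical target only if it stays inside baseDir; otherwise throws.
    public Path resolveInsideBase(String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty() || userPath.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid path");
        }
        Path relative = Paths.get(userPath);
        // An absolute input would replace baseDir entirely in resolve(), so reject it.
        if (relative.isAbsolute()) {
            throw new IllegalArgumentException("absolute paths are not allowed");
        }
        // normalize() collapses "." and ".." lexically; startsWith() compares whole
        // components, so "/data/uploads2" is not treated as inside "/data/uploads".
        Path candidate = baseDir.resolve(relative).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory");
        }
        // toRealPath() follows symlinks; re-check so a link inside baseDir cannot
        // point at a file outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(baseDir)) {
            throw new IllegalArgumentException("path escapes base directory via symlink");
        }
        return real;
    }
    // Deletes only plain files inside baseDir; false when there is nothing to delete.
    public boolean deleteFile(String userPath) throws IOException {
        Path target;
        try {
            target = resolveInsideBase(userPath);
        } catch (NoSuchFileException e) {
            return false;
        }
        return Files.isRegularFile(target) && Files.deleteIfExists(target);
    }
}
```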
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block path traversal patterns
- Restrict file system permissions for the application user to limit damage scope
🔍 How to Verify
Check if Vulnerable:
Check application version in configuration files or via admin interface. If version is 9.6.7 or earlier, assume vulnerable.
Check Version:
Check application.properties or similar configuration files for version information
Verify Fix Applied:
Test the deleteFile endpoint with path traversal payloads after remediation. The payloads should be rejected and no file outside the intended directory should be removed.
📡 Detection & Monitoring
Log Indicators:
- Unusual delete operations with ../ sequences in parameters
- Failed file deletion attempts with suspicious paths
- Multiple delete requests to file manager endpoint
Network Indicators:
- HTTP requests to /y9-module-filemanager with ../ in parameters
- Unusual patterns of DELETE requests
SIEM Query:
source="web_logs" AND uri="/y9-module-filemanager" AND (param="fullPath" AND value="*../*")