CVE-2025-7625

4.3 MEDIUM

📋 TL;DR

This critical vulnerability in YiJiuSmile kkFileViewOfficeEdit allows remote attackers to perform path traversal attacks via the 'url' parameter in the /download endpoint. Attackers can potentially access sensitive files outside the intended directory. All users running affected versions of this software are at risk.

💻 Affected Systems

Products:
  • YiJiuSmile kkFileViewOfficeEdit
Versions: All versions up to commit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd
Operating Systems: All platforms running the software
Default Config Vulnerable: ⚠️ Yes
Notes: Continuous delivery model means no specific version numbers; all instances before the fix commit are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through arbitrary file read/write, potentially leading to sensitive data exposure, credential theft, or remote code execution.

🟠 Likely Case: Unauthorized access to sensitive configuration files, source code, or user data stored on the server.

🟢 If Mitigated: Limited impact with proper input validation and file system permissions restricting access to sensitive areas.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges or access sensitive internal files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed in GitHub issues, making weaponization straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit after 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd

Vendor Advisory: https://github.com/YiJiuSmile/kkFileViewOfficeEdit/issues/12

Restart Required: Yes

Instructions:

1. Pull the latest code from the repository
2. Rebuild the application
3. Restart the service
4. Verify the fix by testing path traversal attempts

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement input validation to block directory traversal sequences in the 'url' parameter.

Substring filter: if (url.contains("..") || url.contains("/")) { reject request }
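The following is an added example, not code from the advisory or from the kkFileViewOfficeEdit project. It places the advisory's substring filter beside a containment check that percent-decodes the parameter, resolves it against an assumed base directory, and only accepts paths that remain inside that directory. The base directory path and the parameter handling are assumptions for illustration; they are not taken from the project.

```python
"""Added example: the advisory's substring filter next to a containment
check for the 'url' parameter.  BASE_DIR is an assumed value, not the
project's real configuration."""
import os
from urllib.parse import unquote

# Assumed for illustration: the directory /download is meant to serve from.
BASE_DIR = "/srv/kkfileview/files"


def naive_filter(url: str) -> bool:
    """The advisory's workaround as written.

    Returns True when the request should be rejected.  It sees only the
    literal characters it is given, so a still-encoded '%2e%2e%2f' passes,
    and any legitimate sub-directory name is rejected because of the '/'.
    """
    return ".." in url or "/" in url


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    single- and double-encoded traversal sequences are compared as the
    characters they stand for."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def hardened_allows(url: str, base_dir: str = BASE_DIR) -> bool:
    """Return True only if 'url' resolves to a location inside base_dir.

    1. Decode percent-encoding so encoded dots and slashes are visible.
    2. Reject empty values, NUL bytes, backslashes and absolute paths.
    3. Join with base_dir, resolve '..' segments and symlinks, and require
       the result to start with base_dir followed by a separator.
    """
    decoded = decode_fully(url)
    if not decoded or "\x00" in decoded or "\\" in decoded:
        return False
    if decoded.startswith("/"):
        return False
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    return candidate.startswith(base + os.sep)


if __name__ == "__main__":
    for sample in ("report.docx", "docs/2025/report.docx",
                   "../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{sample!r:40} naive rejects={naive_filter(sample)} "
              f"hardened allows={hardened_allows(sample)}")
```

Whether the web framework has already decoded the parameter before it reaches application code varies by stack, which is why the check decodes for itself; `realpath` is used rather than plain normalisation so that a symlink inside the base directory cannot point the resolved path outside it.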

Web Application Firewall Rule (applies to: all)

Block requests containing path traversal patterns to the /download endpoint.

WAF rule: deny if request_uri contains "/download" and args contains ".." or "%2e%2e"

🧯 If You Can't Patch

  • Implement strict file system permissions to limit accessible directories
  • Deploy network segmentation to isolate vulnerable instances from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Test by sending request to /download endpoint with traversal payload: GET /download?url=../../../etc/passwd

Check Version:

Check git commit hash: git log --oneline -1

Verify Fix Applied:

Attempt same traversal payload; should receive error or sanitized response instead of file contents

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /download with '..' or encoded equivalents in parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • Multiple failed traversal attempts
  • Successful downloads of unexpected file types

SIEM Query:

source="web_logs" AND uri_path="/download" AND (query_string="*..*" OR query_string="*%2e%2e*")
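As an added example (not part of the advisory, and not tooling from the project), the SIEM query above applied offline to web server access logs: each request line is parsed, the query string is percent-decoded so that `%2e%2e` and double-encoded forms match the same rule as a literal `..`, and hits against `/download` are reported with the source address and whether the server answered 200. The log lines are constructed for the example and do not come from any real system.

```python
"""Added example: the advisory's SIEM logic run over constructed access-log
lines.  The log lines are made up for illustration."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample in combined log format (not real traffic).  The
# fourth line carries '..' but targets a different path, so the rule,
# which is scoped to /download like the SIEM query, does not flag it.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jul/2025:12:00:01 +0000] "GET /download?url=report.docx HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.10 - - [10/Jul/2025:12:00:02 +0000] "GET /download?url=../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [10/Jul/2025:12:00:03 +0000] "GET /download?url=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0 "-" "python-requests/2.31"
198.51.100.7 - - [10/Jul/2025:12:00:04 +0000] "GET /help?q=..%2f..%2fx HTTP/1.1" 200 100 "-" "python-requests/2.31"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Bounded repeated percent-decoding, so %2e%2e and %252e%252e both
    become '..' before matching."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def is_traversal_attempt(target: str) -> bool:
    """True when the request targets /download and its decoded query
    contains a '..' sequence (the SIEM query's two patterns, after decoding)."""
    parts = urlsplit(target)
    return parts.path == "/download" and ".." in decode_fully(parts.query)


def scan_access_log(log_text: str) -> list:
    """Return one record per flagged request: ip, timestamp, decoded query
    and whether the server returned 200 (a possible successful read)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal_attempt(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "decoded_query": decode_fully(urlsplit(m["target"]).query),
            "succeeded": m["status"] == "200",
        })
    return hits


def attempts_per_source(hits: list) -> dict:
    """Count flagged requests per source address, for the 'multiple failed
    traversal attempts' indicator."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
    print(attempts_per_source(scan_access_log(SAMPLE_LOG)))
```

A hit with `succeeded` set deserves priority over a 403, since it means the server handed back content for a traversal payload rather than rejecting it.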
