CVE-2025-8504

6.3 MEDIUM

📋 TL;DR

This vulnerability in Kitchen Treasure 1.0 allows remote attackers to upload arbitrary files via the photo parameter in userregistration.php. It affects all installations of Kitchen Treasure 1.0 where the vulnerable file is accessible. Attackers can potentially upload malicious files to execute code on the server.

💻 Affected Systems

Products:
  • Kitchen Treasure
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with userregistration.php accessible are vulnerable. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Malicious file upload leading to web shell deployment, defacement, or data exfiltration.

🟢 If Mitigated

Uploaded files remain isolated without execution capabilities, limiting impact to storage consumption.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making exposed instances immediate targets.
🏢 Internal Only: MEDIUM - Requires internal network access but still exploitable without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. Attack requires only web access to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider removing or replacing the software entirely.

🔧 Temporary Workarounds

Restrict file uploads (all platforms)

Implement strict file type validation and size limits for photo uploads
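
One way to implement the validation described in this workaround, as an added example that is not Kitchen Treasure's own code. The function name, size limit, allowed types and storage path are assumptions, and it relies on PHP's fileinfo extension.

```php
<?php
declare(strict_types=1);

const MAX_PHOTO_BYTES = 2 * 1024 * 1024;   // assumed limit: 2 MiB
const ALLOWED_TYPES = [                    // detected MIME type => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Validates one $_FILES entry and moves it into $uploadDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 * (store_photo is a hypothetical helper, not part of the application.)
 */
function store_photo(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    // Only accept a file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_PHOTO_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Detect the type from the content; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('type not allowed');
    }
    // The file must also parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen name and extension: the client file name never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage in the registration handler (the path is an assumption):
// $stored = store_photo($_FILES['photo'], '/var/app-data/photos');
```

Content checks do not stop a valid image that also carries PHP code, so keep the storage directory outside the web root or configured so the server never executes files in it.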

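Disable userregistration.php (Linux)

Temporarily disable or restrict access to the vulnerable file

# Rename the file so the registration endpoint no longer exists
mv /path/to/userregistration.php /path/to/userregistration.php.disabled
# Remove all permissions from the renamed file so the web server cannot read it
chmod 000 /path/to/userregistration.php.disabled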

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file uploads
  • Isolate the application in a restricted network segment with no internet access

🔍 How to Verify

Check if Vulnerable:

Check if /userregistration.php exists and accepts file uploads without proper validation

Check Version:

Check application documentation or source code for version information

Verify Fix Applied:

Attempt to upload a non-image file via the photo parameter - should be rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to userregistration.php
  • Large or non-standard file types being uploaded
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to /userregistration.php with file uploads
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND uri="/userregistration.php" AND method="POST" AND (content_type="application/x-php" OR file_extension="php")
