CVE-2025-8815 – This critical vulnerability in 猫宁i Morning ... (How to Fix)

Q: What is the severity of CVE-2025-8815?

CVE-2025-8815 has a CVSS score of 7.3 (HIGH). This critical vulnerability in 猫宁i Morning allows remote attackers to perform path traversal attacks via the Shiro configuration component. Attackers can potentially access sensitive files outside the intended directory structure. All deployments using affected versions are vulnerable.

📋 TL;DR

This critical vulnerability in 猫宁i Morning allows remote attackers to perform path traversal attacks via the Shiro configuration component. Attackers can potentially access sensitive files outside the intended directory structure. All deployments using affected versions are vulnerable.

💻 Affected Systems

Products:

猫宁i Morning

Versions: All versions up to commit bc782730c74ff080494f145cc363a0b4f43f7d3e

Operating Systems: All platforms running the application

Default Config Vulnerable: ⚠️ Yes

Notes: Using rolling release model, so specific version numbers are not available. All deployments before the fix commit are vulnerable.

📦 What is this software?

Morning by Morning Pro

View all CVEs affecting Morning →

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary file read/write, potentially leading to credential theft, data exfiltration, or remote code execution.

🟠

Likely Case

Unauthorized access to sensitive configuration files, source code, or user data stored on the server.

🟢

If Mitigated

Limited impact if proper file system permissions and input validation are in place, though some information disclosure may still occur.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit after bc782730c74ff080494f145cc363a0b4f43f7d3e

Vendor Advisory: https://gitee.com/morning-pro/Morning/issues/ICOVAK

Restart Required: Yes

Instructions:

1. Pull latest code from repository. 2. Verify you're on commit after bc782730c74ff080494f145cc363a0b4f43f7d3e. 3. Rebuild and redeploy application. 4. Restart all application instances.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation to block path traversal sequences

Implement filter to reject requests containing '../', '..\\', or similar traversal patterns

Web Application Firewall

all

Deploy WAF rules to block path traversal attempts

Configure WAF to block requests with path traversal patterns to /index endpoint

🧯 If You Can't Patch

Isolate the application in a restricted network segment with minimal external access
Implement strict file system permissions to limit what the application can access

🔍 How to Verify

Check if Vulnerable:

Test if you can access files outside web root using path traversal payloads against /index endpoint

Check Version:

git log --oneline -1

Verify Fix Applied:

Attempt path traversal attacks against patched version - they should be blocked or return error

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Requests containing '../' or similar patterns to /index
404 errors for unexpected file paths

Network Indicators:

HTTP requests with path traversal payloads
Unusual file downloads from application

SIEM Query:

source="web_logs" AND (uri="/index" AND (uri CONTAINS "../" OR uri CONTAINS "..\\"))

📊 Metadata

CVE ID: CVE-2025-8815

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-22

EPSS Score: 0.21% exploit probability (43th percentile)

Published: August 10, 2025

Last Updated: September 16, 2025

🔗 References

https://gitee.com/morning-pro/Morning/issues/ICOVAK Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.319344 Permissions Required,VDB Entry
https://vuldb.com/?id.319344 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.622348 Exploit,Third Party Advisory,VDB Entry
https://gitee.com/morning-pro/Morning/issues/ICOVAK Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?submit.622348 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8815, you might also want to check these: