CVE-2025-9397

6.3 MEDIUM

📋 TL;DR

CVE-2025-9397 is an unrestricted file upload vulnerability in givanz Vvveb CMS that allows remote attackers to upload arbitrary files to the server. It affects all installations of Vvveb up to and including version 1.0.7.2. Attackers can exploit it to upload malicious files such as web shells and gain unauthorized access.

💻 Affected Systems

Products:
  • givanz Vvveb
Versions: Up to and including 1.0.7.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the vulnerable media.php trait are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through web shell upload leading to remote code execution, data theft, and lateral movement within the network.

🟠 Likely Case

Attackers upload web shells to gain persistent access, deface websites, or use the server for malicious activities like hosting phishing pages.

🟢 If Mitigated

File uploads are blocked or sanitized, preventing malicious file execution and limiting impact to denial of service if uploads are still possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept is publicly available and exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.0.7.2

Vendor Advisory: https://github.com/givanz/VvvebJs

Restart Required: No

Instructions:

1. Update to the latest version of Vvveb from the official repository.
2. Replace the vulnerable /system/traits/media.php file with the patched version.
3. Verify no unauthorized files were uploaded during the vulnerable period.

🔧 Temporary Workarounds

File Upload Restriction

all

Implement server-side file type validation and restrict uploads to specific directories with proper permissions.
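The following is an added example of the server-side validation this workaround calls for. It is not Vvveb's code and does not reflect how the patched media.php trait works; the allowlist, the executable-extension list and the upload directory are example values chosen here. It rejects non-allowlisted and double extensions, checks the body's magic bytes against the claimed type, refuses image/PHP polyglots, neutralizes path traversal in the client name, and stores the file under a random server-chosen name.

```python
import os
import secrets

# Constructed allowlist for an image/document media endpoint: extension -> magic bytes.
# (Example values; a real deployment lists exactly the types the site needs.)
ALLOWED_TYPES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
# Extensions a web server may hand to an interpreter; never allowed anywhere in the name.
EXECUTABLE_EXTENSIONS = {"php", "phtml", "phar", "php5", "php7", "jsp", "asp", "aspx", "cgi"}
UPLOAD_DIR = "/var/www/uploads"  # hypothetical storage directory


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the caller answers with HTTP 4xx."""


def validate_upload(filename: str, content: bytes, upload_dir: str = UPLOAD_DIR) -> str:
    """Validate a client-supplied name and body; return the safe on-disk path."""
    # 1. Drop client-supplied directory parts so "../../x.png" cannot leave upload_dir.
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base in (".", "..") or any(ord(c) < 32 for c in base):
        raise UploadRejected("invalid filename")
    parts = base.lower().split(".")
    if len(parts) < 2:
        raise UploadRejected("missing extension")
    exts = parts[1:]
    # 2. Every dotted suffix must be allowlisted, which also rejects "x.php.png".
    for ext in exts:
        if ext in EXECUTABLE_EXTENSIONS or ext not in ALLOWED_TYPES:
            raise UploadRejected(f"extension .{ext} not allowed")
    ext = exts[-1]
    # 3. The body must carry the magic bytes of the type the name claims.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match extension")
    # 4. Refuse polyglots: a valid image header followed by PHP open tags.
    if b"<?php" in content or b"<?=" in content:
        raise UploadRejected("embedded script content")
    # 5. Store under a random server-chosen name; the client name never reaches disk.
    return os.path.join(os.path.realpath(upload_dir), f"{secrets.token_hex(16)}.{ext}")


def is_rejected(filename: str, content: bytes) -> bool:
    """True if validate_upload refuses the file (used by the checks below)."""
    try:
        validate_upload(filename, content)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16                 # constructed PNG header
    print(validate_upload("logo.png", png))                    # accepted, random name
    print(is_rejected("shell.php", b"<?php echo 1; ?>"))       # True: extension
    print(is_rejected("shell.php.png", png))                   # True: double extension
    print(is_rejected("logo.png", b"<?php echo 1; ?>"))        # True: magic bytes
    print(is_rejected("pic.png", png + b"<?php echo 1; ?>"))   # True: polyglot
```

The stored directory must additionally be served with script execution disabled (for example, no PHP handler mapped for it), so that even a validation miss cannot become code execution; the validation above reduces the attack surface but is not a substitute for that web-server setting.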

Web Application Firewall

all

Deploy a WAF with rules to block malicious file upload attempts targeting the /system/traits/media.php endpoint.

🧯 If You Can't Patch

  • Disable file upload functionality entirely in the application configuration.
  • Implement strict file validation at the web server level using mod_security or similar tools.

🔍 How to Verify

Check if Vulnerable:

Check if your Vvveb version is 1.0.7.2 or earlier and if the /system/traits/media.php file exists without proper file validation.

Check Version:

Check the version in the Vvveb admin panel or examine the application's version file if available.

Verify Fix Applied:

Verify the version is above 1.0.7.2 and test file upload functionality with malicious file extensions to ensure they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /system/traits/media.php
  • Files with suspicious extensions (.php, .jsp, .asp) in upload directories
  • Multiple failed upload attempts with various file types

Network Indicators:

  • POST requests to /system/traits/media.php with file uploads
  • Unusual outbound connections from the web server after file uploads

SIEM Query:

source="web_logs" AND uri="/system/traits/media.php" AND method="POST" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")
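Added detection example, not part of the original advisory: the same logic as the SIEM query above, run offline over constructed JSON-lines web events. It goes slightly beyond the query in two ways: it inspects every dotted suffix of the uploaded filename (so "cmd.php.jpg" is flagged) and uses a wider executable-extension list than php/jsp/asp, and it also implements the "multiple failed upload attempts" indicator from the log indicators list by counting 4xx responses per source address. The field names (src_ip, filename, status), the sample events and the threshold are assumptions made here.

```python
import json
from collections import defaultdict

UPLOAD_ENDPOINT = "/system/traits/media.php"
# Extensions an interpreter may execute; wider than the php/jsp/asp in the SIEM query.
EXECUTABLE_EXTENSIONS = {"php", "phtml", "phar", "php5", "php7", "jsp", "jspx", "asp", "aspx"}
FAILED_UPLOAD_THRESHOLD = 3  # hypothetical tuning value per source address

# Constructed sample events (JSON lines) in the field layout the SIEM query uses,
# plus src_ip, filename and status. Addresses are from documentation ranges.
SAMPLE_LOG = """
{"source":"web_logs","src_ip":"203.0.113.5","method":"POST","uri":"/system/traits/media.php","filename":"banner.jpg","status":200}
{"source":"web_logs","src_ip":"198.51.100.7","method":"POST","uri":"/system/traits/media.php","filename":"cmd.php","status":200}
{"source":"web_logs","src_ip":"198.51.100.7","method":"POST","uri":"/system/traits/media.php","filename":"cmd.php.jpg","status":200}
{"source":"web_logs","src_ip":"192.0.2.9","method":"POST","uri":"/system/traits/media.php","filename":"a.exe","status":403}
{"source":"web_logs","src_ip":"192.0.2.9","method":"POST","uri":"/system/traits/media.php","filename":"b.JSP","status":403}
{"source":"web_logs","src_ip":"192.0.2.9","method":"POST","uri":"/system/traits/media.php","filename":"c.phtml","status":403}
{"source":"web_logs","src_ip":"203.0.113.5","method":"GET","uri":"/system/traits/media.php","status":200}
{"source":"web_logs","src_ip":"203.0.113.5","method":"POST","uri":"/index.php","filename":"x.php","status":200}
"""


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def executable_suffixes(filename):
    """All dotted suffixes of the name that an interpreter might execute."""
    parts = filename.lower().split(".")[1:]
    return [p for p in parts if p in EXECUTABLE_EXTENSIONS]


def detect(events):
    """Return alerts for executable uploads to the media endpoint and for
    sources with repeated failed upload attempts."""
    alerts = []
    failures = defaultdict(int)
    for e in events:
        # Same scoping as the SIEM query: web logs, POST, the media.php endpoint.
        if (e.get("source") != "web_logs" or e.get("uri") != UPLOAD_ENDPOINT
                or e.get("method") != "POST"):
            continue
        src = e.get("src_ip", "?")
        bad = executable_suffixes(e.get("filename", ""))
        if bad:
            alerts.append({"rule": "executable_upload", "src_ip": src,
                           "filename": e.get("filename"), "extensions": bad})
        if int(e.get("status", 0)) >= 400:
            failures[src] += 1
    for src, n in failures.items():
        if n >= FAILED_UPLOAD_THRESHOLD:
            alerts.append({"rule": "repeated_failed_uploads", "src_ip": src, "count": n})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert)
```

A successful executable upload (status 200) should page immediately, since it matches the upload indicator and the server's own filter did not stop it; the repeated-failure rule is a lower-severity signal of probing that is worth correlating with the outbound-connection indicator listed above.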
