Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-65878

CVE-2025-65878: Yeqifu Warehouse System Path Traversal

CVE-2025-65878 is a path traversal vulnerability in Yeqifu Warehouse Management System that enables attackers to read arbitrary files and access sensitive data. This article covers the technical details, affected versions, and mitigation.

Published:

CVE-2025-65878 Overview

CVE-2025-65878 is a path traversal vulnerability affecting the Yeqifu Warehouse Management System version 1.2. The vulnerability exists in the /file/showImageByPath endpoint, which fails to properly sanitize user-controlled path parameters. This allows unauthenticated attackers to exploit directory traversal sequences to read arbitrary files from the server's file system, potentially exposing sensitive system information, configuration files, and credentials.

Critical Impact

Unauthenticated attackers can read arbitrary files from the server, leading to exposure of sensitive system configuration, credentials, and potentially enabling further attacks through information disclosure.

Affected Products

  • Yeqifu Warehouse Management System version 1.2
  • Systems running the vulnerable /file/showImageByPath endpoint
  • Web servers hosting the warehouse management application

Discovery Timeline

  • 2025-12-05 - CVE-2025-65878 published to NVD
  • 2025-12-12 - Last updated in NVD database

Technical Details for CVE-2025-65878

Vulnerability Analysis

This path traversal vulnerability (CWE-22) affects the file serving functionality within the Yeqifu Warehouse Management System. The /file/showImageByPath endpoint is designed to serve image files based on a user-supplied path parameter. However, the application fails to implement proper input validation or path canonicalization, allowing attackers to escape the intended directory structure.

The vulnerability is network-accessible and requires no authentication or user interaction to exploit. An attacker can leverage standard directory traversal sequences such as ../ to navigate outside the web application's root directory and access arbitrary files on the underlying server. This could include sensitive configuration files like /etc/passwd, application configuration files containing database credentials, or other system files that may facilitate further compromise.

Root Cause

The root cause of this vulnerability is improper input validation in the path handling logic of the /file/showImageByPath endpoint. The application directly uses user-supplied path parameters without sanitizing or validating them against directory traversal sequences. The code fails to:

  1. Canonicalize the requested file path
  2. Validate that the resolved path remains within the intended directory
  3. Filter or reject path traversal sequences (../, ..%2f, etc.)
  4. Implement proper access controls on file system operations

Attack Vector

The attack vector is network-based, allowing remote unauthenticated attackers to craft malicious HTTP requests to the vulnerable endpoint. By injecting directory traversal sequences into the path parameter, an attacker can traverse the file system hierarchy and read files outside the intended image directory.

A typical attack involves sending requests to the /file/showImageByPath endpoint with manipulated path values containing sequences like ../../../etc/passwd to access sensitive system files. The attack requires no special privileges and can be executed with basic HTTP request tools or a standard web browser.

Detection Methods for CVE-2025-65878

Indicators of Compromise

  • HTTP requests to /file/showImageByPath containing ../ or URL-encoded variants (%2e%2e%2f, ..%2f)
  • Access log entries showing attempts to retrieve files outside the image directory
  • Requests containing path sequences targeting sensitive files like /etc/passwd, /etc/shadow, or configuration files
  • Unusual file access patterns in web server logs from external IP addresses

Detection Strategies

  • Implement web application firewall (WAF) rules to detect and block requests containing path traversal sequences
  • Monitor HTTP access logs for suspicious requests to the /file/showImageByPath endpoint
  • Configure intrusion detection systems (IDS) to alert on directory traversal attack patterns
  • Deploy endpoint detection and response (EDR) solutions to monitor file system access anomalies

Monitoring Recommendations

  • Enable detailed access logging for the warehouse management application
  • Set up alerts for failed file access attempts outside expected directories
  • Monitor for bulk file retrieval attempts from single IP addresses
  • Review system file access logs for unauthorized reads of sensitive configuration files

How to Mitigate CVE-2025-65878

Immediate Actions Required

  • Restrict network access to the Yeqifu Warehouse Management System to trusted networks only
  • Implement web application firewall rules to block path traversal attempts
  • Consider disabling the /file/showImageByPath endpoint if not critical to operations
  • Review server file permissions to limit readable files by the web application user

Patch Information

No vendor patch information is currently available for this vulnerability. Organizations should monitor the GitHub Issue Report for updates and potential fixes from the vendor.

Workarounds

  • Deploy a reverse proxy or WAF to filter requests containing directory traversal patterns before they reach the application
  • Implement network segmentation to limit exposure of the vulnerable application to untrusted networks
  • Apply file system permissions to restrict the web application user's read access to only necessary directories
  • Use a web application firewall rule to block requests containing ../, ..%2f, %2e%2e/, and similar encoded traversal sequences
bash
# Example nginx configuration to block path traversal attempts
location /file/showImageByPath {
    # Block requests with path traversal sequences
    if ($request_uri ~* "\.\.") {
        return 403;
    }
    # Additional filtering for encoded sequences
    if ($request_uri ~* "%2e%2e") {
        return 403;
    }
    # Proxy to backend with sanitized requests only
    proxy_pass http://backend;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.