CVE-2025-1791
Published 2025-03-01. CVE-2025-1791: A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file…
Priority P260 · critical · 9.8 · CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (27.7th percentile)
A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rustfs | rustfs | >= 1.0.0-alpha.13 < 1.0.0-alpha.79 | 1.0.0-alpha.79 |
| skycaiji | skycaiji | — | — |
| zorlan | skycaiji | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA · 2026-01-07
CVE-2025-68705 [HIGH] CWE-22 RustFS Path Traversal Vulnerability
# RustFS Path Traversal Vulnerability
## Vulnerability Details
- **CVE ID**:
- **Severity**: Critical (CVSS estimated 9.9)
- **Impact**: Arbitrary File Read/Write
- **Component**: `/rustfs/rpc/read_file_stream` endpoint
- **Root Cause**: Insufficient path validation in `crates/ecstore/src/disk/local.rs:1791`
### Vulnerable Code
```rust
// local.rs:1791 - No path sanitization!
let file_path = volume_dir.join(Path::new(&path)); // DANGEROUS!
check_path_length(file_path.to_string_lossy().to_string().as_str())?; // Only checks length
let mut f = self.open_file(file_path, O_RDONLY, volume_dir).await?;
```
The code uses `PathBuf::join()` without:
- Canonicalization
- Path boundary validation
- Protection against `../` sequences
- Protection against absol
GHSA (unreviewed) · 2025-03-01
CVE-2025-1791 [MEDIUM] CWE-284 GHSA-2fw5-hcch-p3cj: A vulnerability has been found in Zorlan SkyCaiji 2
A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-03-01