Platform: php
Component: yeswiki
Fixed in: 4.5.1
CVE-2025-24019 describes an Arbitrary File Access vulnerability in YesWiki, a PHP-based wiki system. This flaw allows authenticated users to delete files owned by the FastCGI Process Manager (FPM) user, potentially leading to significant data loss and website defacement. The vulnerability affects versions of YesWiki up to and including 4.4.5, with a fix available in version 4.5.0.
The impact of CVE-2025-24019 is substantial. An attacker, once authenticated within the YesWiki system, can leverage the filemanager to delete any file accessible to the FPM user. This includes critical configuration files, website assets, and potentially even system files depending on the server's setup. In containerized environments, this could allow an attacker to delete core YesWiki files, effectively crippling the application. The lack of filesystem scope limitations amplifies the risk, allowing deletion across a broad range of files. Successful exploitation could result in complete website defacement, data exfiltration (if sensitive data is stored in accessible files), and potential denial of service.
CVE-2025-24019 was publicly disclosed on 2025-01-21. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. The ease of exploitation, requiring only authentication, suggests it could become a target for opportunistic attackers.
Organizations using YesWiki, particularly those with containerized deployments or shared hosting environments, are at risk. Legacy configurations with weak authentication or overly permissive file permissions are especially vulnerable. Users relying on YesWiki for critical documentation or knowledge management should prioritize patching.
• php: Examine web server access logs for requests to the filemanager endpoint with suspicious parameters that could indicate file deletion attempts. Look for patterns like ?file=../../../../etc/passwd.
grep -i 'file=../../' /var/log/apache2/access.log
• linux / server: Monitor FPM user processes for unexpected file activity. Use lsof to identify which processes have open files that are being deleted.
lsof -u www-data | grep deleted
• generic web: Check response headers for unusual content types or error messages after attempting to access or delete files through the filemanager. Look for 403 Forbidden errors or unexpected file listings.
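The grep above only catches the literal `../` form. The following scanner, an added example that is not part of this advisory and not YesWiki code, parses Apache combined-format access-log lines, URL-decodes every query parameter (including double-encoded values) and flags any value containing a `..` path segment, so it generalizes beyond the `file=` pattern shown above. The sample log lines, the `action=filemanager` parameter and the `config.php` file name are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined log format; not real traffic.
# The endpoint shape (?action=filemanager&file=...) is an assumption for the example.
SAMPLE_LOG = """\
10.0.0.5 - alice [21/Jan/2025:10:00:01 +0000] "GET /?wiki=PageMenuHaut HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - bob [21/Jan/2025:10:00:07 +0000] "GET /?action=filemanager&file=../../../../etc/passwd HTTP/1.1" 200 87 "-" "curl/8.4.0"
10.0.0.7 - bob [21/Jan/2025:10:00:09 +0000] "GET /?action=filemanager&file=..%2F..%2Fconfig.php HTTP/1.1" 403 0 "-" "curl/8.4.0"
10.0.0.9 - carol [21/Jan/2025:10:00:12 +0000] "GET /?action=filemanager&file=report.pdf HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client, user, timestamp, request line and status of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." segment delimited by a slash, backslash, or the start/end of the value.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def decode_param(value, rounds=2):
    """Percent-decode repeatedly so double-encoded traversal (%252e%252e) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict if any query parameter carries a traversal segment, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m["target"]).query
    # parse_qs already decodes one layer; decode_param handles further layers.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for raw in values:
            value = decode_param(raw)
            if TRAVERSAL_RE.search(value):
                return {
                    "ip": m["ip"],
                    "user": m["user"],
                    "ts": m["ts"],
                    "status": m["status"],
                    "param": name,
                    "value": value,
                }
    return None


def scan_log(text):
    """Scan a whole log body and return all findings in file order."""
    findings = []
    for line in text.splitlines():
        finding = scan_line(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} user={f['user']} status={f['status']} "
              f"{f['param']}={f['value']!r}")
```

Blocked requests (status 403) are reported as well: a refused traversal attempt still tells you which authenticated account is probing the filemanager.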
Disclosure
Exploit status
EPSS: 0.80% (74th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-24019 is to upgrade YesWiki to version 4.5.0 or later, which contains the fix. If an immediate upgrade is not feasible, consider restricting the permissions of the FPM user to minimize the potential damage from file deletion. Implement strict access controls within the filemanager to limit which files authenticated users can access and modify. Web Application Firewalls (WAFs) configured to detect and block suspicious file deletion requests targeting the filemanager endpoint can provide an additional layer of defense. Monitor YesWiki logs for unusual file access or deletion activity.
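The root cause described above is a file operation whose target path is not confined to the upload directory. The following example is added here to illustrate that mitigation; it is not YesWiki's code, and the directory layout, file names and the two handler functions are constructed for the demonstration. The weak handler joins the user-supplied name onto the root and deletes whatever results; the hardened handler canonicalises the path first (resolving `..` and symlinks) and refuses anything that does not end up strictly inside the root.

```python
import tempfile
from pathlib import Path


class PathOutsideRoot(ValueError):
    """Raised when a user-supplied path escapes the permitted directory."""


def resolve_within(root, user_path):
    """Canonicalise user_path against root and refuse it unless it stays inside root.

    Path.resolve() collapses '..' segments and follows symlinks, so a link inside
    root pointing elsewhere is refused too. An absolute user_path replaces root
    during the join and is therefore also caught by the parent check.
    """
    root = Path(root).resolve(strict=True)
    candidate = (root / user_path).resolve()
    if root not in candidate.parents:  # root itself is never a valid target either
        raise PathOutsideRoot(f"{user_path!r} resolves outside {root}")
    return candidate


def delete_unconfined(root, user_path):
    """Weak pattern (illustrative): no scope check, deletes whatever the join yields."""
    (Path(root) / user_path).unlink()


def delete_confined(root, user_path):
    """Hardened pattern: only regular files inside root can be deleted."""
    target = resolve_within(root, user_path)
    if not target.is_file():
        raise FileNotFoundError(f"no such file under root: {user_path!r}")
    target.unlink()
    return target


def demo():
    """Exercise both handlers in a throwaway directory and report what each did."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "files")
        root.mkdir()
        # Constructed stand-in for a file the FPM user owns outside the upload root.
        outside = Path(tmp, "config.php")
        outside.write_text("constructed stand-in, not a real config file")
        inside = root / "report.pdf"
        inside.write_bytes(b"constructed")

        # Weak handler: a '..' segment reaches the sibling file and removes it.
        delete_unconfined(root, "../config.php")
        results["unconfined_deleted_outside"] = not outside.exists()

        # Hardened handler: the same traversal is refused and the file survives.
        outside.write_text("recreated")
        try:
            delete_confined(root, "../config.php")
            results["confined_blocked_traversal"] = False
        except PathOutsideRoot:
            results["confined_blocked_traversal"] = outside.exists()

        # Absolute paths are refused as well.
        try:
            delete_confined(root, str(outside))
            results["confined_blocked_absolute"] = False
        except PathOutsideRoot:
            results["confined_blocked_absolute"] = outside.exists()

        # A '..' that stays inside the root is legitimate after canonicalisation.
        delete_confined(root, "sub/../report.pdf")
        results["confined_deleted_inside"] = not inside.exists()
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The check compares canonical paths rather than rejecting the substring `..`, which is what makes it robust against encoded or symlink-based variants; restricting the FPM user's filesystem permissions, as suggested above, remains the second layer if the application check is ever bypassed.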
Update YesWiki to version 4.5.0 or later. This version contains a fix for the arbitrary file deletion vulnerability. The update can be performed through the YesWiki administration panel or by downloading the latest version from the official website and replacing the existing files.
CVE-2025-24019 is a vulnerability in YesWiki versions up to 4.4.5 that allows authenticated users to delete files owned by the FPM user, potentially leading to data loss and website defacement.
You are affected if you are running YesWiki version 4.4.5 or earlier. Upgrade to version 4.5.0 to resolve the vulnerability.
Upgrade YesWiki to version 4.5.0 or later. As a temporary workaround, restrict file access permissions for the FPM user.
No active exploitation campaigns have been reported, but the ease of exploitation warrants immediate attention and patching.
Refer to the YesWiki project's official website or security mailing list for the latest advisory and updates regarding CVE-2025-24019.