Platform: php
Component: yeswiki
Fixed in: 4.5.1
CVE-2025-24019 describes an Arbitrary File Access vulnerability discovered in YesWiki, a PHP-based wiki system. This flaw allows authenticated users to delete files owned by the FastCGI Process Manager (FPM) user, potentially leading to significant data loss and website compromise. The vulnerability impacts versions of YesWiki up to and including 4.4.5, with a fix available in version 4.5.0.
The impact of CVE-2025-24019 is substantial. An attacker, once authenticated within the YesWiki system, can leverage the filemanager to delete any file accessible to the FPM user. This includes critical configuration files, website assets, and potentially even system files depending on the server's setup. In containerized environments, this could allow deletion of essential PHP files, effectively rendering the YesWiki instance unusable. The ability to arbitrarily remove content enables defacement of the website and significant disruption of service. The scope of deletion is not limited by filesystem boundaries, amplifying the potential damage.
CVE-2025-24019 was publicly disclosed on 2025-01-21. Currently, there are no known public proof-of-concept exploits. The EPSS score is pending evaluation. While no active exploitation campaigns have been reported, the ease of exploitation once authenticated raises concerns about potential abuse, particularly in environments with weak authentication practices.
Exploit Status
EPSS: 0.80% (74th percentile)
CISA SSVC: not listed
CVSS Vector: not listed
The primary mitigation for CVE-2025-24019 is to upgrade YesWiki to version 4.5.0 or later, which contains the fix. If an immediate upgrade is not feasible, consider restricting file access permissions for the FPM user to minimize the potential damage. Implement a Web Application Firewall (WAF) with rules to block suspicious file deletion requests targeting the filemanager endpoint. Regularly review and audit file permissions within the YesWiki installation to ensure least privilege access. After upgrading, verify the fix by attempting to delete a test file through the filemanager with an authenticated user account; the deletion should be denied.
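As an added example (not YesWiki's own code), this is the containment check a filemanager delete handler needs so that a user-supplied name can only remove regular files inside the configured upload directory; the handler shape, the directory layout and the assumption that the flaw stems from an unconstrained path are mine, inferred from the description above rather than taken from the YesWiki patch.

```php
<?php
// Added example, not YesWiki code. Assumes a filemanager delete handler that
// receives a user-supplied relative name and must stay inside one upload directory.
declare(strict_types=1);

/**
 * Delete $requested only if it resolves to a regular file strictly inside $baseDir.
 * Returns false (without touching anything) when the path escapes, is missing,
 * or is not a regular file.
 */
function safeDelete(string $baseDir, string $requested): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // NUL bytes make PHP filesystem functions throw; reject them up front.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    // realpath() canonicalises ".." segments and follows symlinks, so the
    // prefix comparison below sees the real destination, not the requested string.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false; // resolved outside the upload directory
    }
    if (!is_file($target)) {
        return false; // refuse directories, devices, and the base itself
    }
    return unlink($target);
}

// Self-check on a constructed temporary layout: one file inside the upload
// directory, one outside it, and a symlink from inside pointing outside.
$upload = sys_get_temp_dir() . '/yw_upload_' . bin2hex(random_bytes(4));
mkdir($upload);
file_put_contents("$upload/note.txt", 'inside');
$outside = tempnam(sys_get_temp_dir(), 'yw_outside_');
symlink($outside, "$upload/link.txt");
assert(safeDelete($upload, '../' . basename($outside)) === false); // traversal
assert(safeDelete($upload, 'link.txt') === false);                 // symlink escape
assert(safeDelete($upload, '.') === false);                        // base dir itself
assert(safeDelete($upload, 'note.txt') === true);                  // legitimate delete
assert(file_exists($outside));                                     // outside file intact
unlink("$upload/link.txt"); unlink($outside); rmdir($upload);
```

Run it with `zend.assertions=1` so the self-checks are evaluated; the same function can be used as the verification step after upgrading, by confirming that names which resolve outside the upload directory are refused.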
Upgrade YesWiki to version 4.5.0 or later. This version contains a fix for the arbitrary file deletion vulnerability. The update can be performed through the YesWiki administration panel or by downloading the latest version from the official website and replacing the existing files.
CVE-2025-24019 is a vulnerability in YesWiki versions up to 4.4.5 that allows authenticated users to delete files owned by the FPM user, potentially leading to data loss and website defacement.
You are affected if you are running YesWiki version 4.4.5 or earlier. Upgrade to version 4.5.0 to resolve the vulnerability.
Upgrade YesWiki to version 4.5.0 or later. As a temporary workaround, restrict file access permissions for the FPM user.
No active exploitation campaigns have been reported, but the ease of exploitation warrants immediate attention and patching.
Refer to the YesWiki project's official website or security mailing list for the latest advisory and updates regarding CVE-2025-24019.