Platform
other
Component
ipublish-system
Fixed in
0.0.1
CVE-2025-7146 describes a Path Traversal vulnerability discovered in the iPublish System, developed by Jhenggao. This vulnerability allows unauthenticated remote attackers to read arbitrary system files, potentially exposing sensitive information. The vulnerability impacts versions 0–0 of the iPublish System. A fix is available in version 0.0.1.
The primary impact of CVE-2025-7146 is the ability for an unauthenticated attacker to read any file accessible to the iPublish System process. This includes configuration files, source code, and potentially even sensitive data like database credentials or API keys. Successful exploitation could lead to complete system compromise, data exfiltration, and further malicious activity. While the vulnerability requires no authentication, the attacker must be able to reach the iPublish System over a network.
CVE-2025-7146 was publicly disclosed on 2025-07-08. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. It is recommended to monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
Exploit Status
EPSS
0.11% (30% percentile)
CISA SSVC
CVSS Vector
The recommended mitigation for CVE-2025-7146 is to immediately upgrade to version 0.0.1 of the iPublish System. If upgrading is not immediately feasible, consider implementing strict access controls to the iPublish System server to limit potential attacker access. Network segmentation can also help isolate the system. While a WAF might be able to detect and block attempts to exploit path traversal, it is not a substitute for patching. Monitor system logs for unusual file access patterns.
Update to a patched version of the iPublish system. Contact the vendor (Jhenggao) for the latest secure version. If no version is available, consider disabling or replacing the iPublish system.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-7146 is a vulnerability allowing unauthenticated attackers to read arbitrary files on an iPublish System server. It has a CVSS score of 7.5 (HIGH).
If you are using iPublish System versions 0–0, you are affected. Upgrade to version 0.0.1 to mitigate the risk.
The fix is to upgrade to version 0.0.1 of the iPublish System. If immediate upgrade isn't possible, implement strict access controls and network segmentation.
Currently, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly.
Refer to the Jhenggao website or relevant security mailing lists for the official advisory regarding CVE-2025-7146.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.