Platform
php
Fixed in
1.0.1
A critical path traversal vulnerability has been identified in code-projects Document Management System versions 1.0. This flaw allows attackers to manipulate the 'ID' argument within the '/dell.php' file, potentially leading to unauthorized access and file disclosure. Affected versions include 1.0, and a patch is available in version 1.0.1.
The path traversal vulnerability in Document Management System allows an attacker to bypass intended access controls and read arbitrary files on the server. By crafting a malicious request that manipulates the 'ID' parameter in '/dell.php', an attacker can traverse directories and access sensitive data, such as configuration files, source code, or even user data. This could lead to data breaches, system compromise, and further exploitation. While the description doesn't specify a particular file, the potential for accessing critical system files is significant.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. The exploit is considered relatively straightforward, potentially lowering the barrier to entry for attackers. No KEV listing or EPSS score is currently available. The public disclosure date (2025-08-01) indicates that attackers may already be actively scanning for vulnerable systems.
Exploit Status
EPSS
0.07% (22% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-8433 is to upgrade to version 1.0.1 of the Document Management System. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing path traversal sequences in the 'ID' parameter of '/dell.php'. Specifically, block requests containing sequences like '../' or '\\'. Additionally, review file permissions on the server to ensure that sensitive files are not accessible by the web server user. After upgrading, confirm the fix by attempting to access a file outside the intended directory via the /dell.php endpoint; access should be denied.
Update to a patched version of the document management system. If a patched version is not available, review and sanitize the input of the ID parameter in the dell.php file to prevent directory traversal. Validate that the file to be deleted is within the expected directory.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-8433 is a path traversal vulnerability in Document Management System versions 1.0, allowing attackers to access unauthorized files by manipulating the 'ID' parameter in '/dell.php'.
You are affected if you are using Document Management System version 1.0. Upgrade to version 1.0.1 to mitigate the vulnerability.
Upgrade to version 1.0.1. As a temporary workaround, implement a WAF rule to block requests containing path traversal sequences in the '/dell.php' endpoint.
While no confirmed exploitation is publicly reported, the vulnerability has been disclosed, increasing the risk of exploitation.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-8433.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.