Cyber Resilience

CVE-2023-50254

Critical · Public PoC

Published: 22 December 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H)
EPSS Score: 0.0885 (92.7th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-50254 is a critical-severity Path Traversal (CWE-22) vulnerability in Deepin Deepin Reader. Its CVSS base score is 9.3 (Critical).

Operationally, it ranks in the top 7.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Deepin Reader, the default document viewer in Deepin Linux, contains a path traversal flaw (CWE-22 and CWE-27) in all versions prior to 6.0.7. The defect allows an attacker-supplied DOCX file to overwrite arbitrary files on the victim system, most notably shell configuration files such as .bashrc or .bash_login, thereby enabling remote code execution the next time the user opens a terminal.

An unauthenticated remote attacker can deliver the malicious document through any channel that leads the victim to open it with deepin-reader. Exploitation requires user interaction, and the CVSS vector records a scope change: successful exploitation lets the attacker execute arbitrary commands with the privileges of the opening user and potentially affect other users on the same host.

The project’s GitHub advisory (GHSA-q9jr-726g-9495) and the two commits that landed in version 6.0.7 (4db7a079 and c192fd20) confirm that the issue is resolved by adding proper path validation and rejecting unsafe file-write operations inside DOCX archives. Administrators are advised to update deepin-reader immediately and to avoid opening untrusted documents until the patch is applied.

EPSS for the CVE has remained flat at 0.0885 with no material increase since disclosure.

Vulnerability details

Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: deepin
Product: deepin reader
Versions: ≤ 6.0.7

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.