CVE-2025-0461
Published: 14 January 2025
Summary
CVE-2025-0461 is a medium-severity path traversal (CWE-22) vulnerability in Lingdang CRM (vendor listed as 51Mis / Shanghai Lingdang Information Technology), affecting versions up to 8.6.0.0. Its CVSS v3.1 base score is 4.3 (Medium).
Operationally, exploitation is mapped to the MITRE ATT&CK technique Direct Volume Access (T1006). Note that T1006 describes raw volume access that bypasses file-system controls; for a web-layer arbitrary file read, Exploit Public-Facing Application (T1190) is the more direct fit for initial access, with T1006 describing the effect (file access outside the application's intended scope). The CVE ranks in the top 22.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation). Because the vendor has not responded, SI-2 currently means compensating controls rather than a patch.
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 directly prevents path traversal by requiring validation of the pathfile argument. Rejecting the literal sequence '../' is not sufficient on its own: percent-encoded, double-encoded and backslash variants evade a string blocklist. The robust check canonicalizes the requested path (resolving '..', '.' and symlinks) and then confirms it still lies under the single directory the endpoint is meant to serve from.
SI-2 mandates timely identification and remediation of flaws like this one. With no vendor fix available, remediation means workarounds: restricting access to the affected /crm/weixinmp/index.php endpoint, filtering the pathfile argument at a reverse proxy or WAF, and tracking the vendor for a patched release.
AC-3 enforces access control policies that limit file reads to authorized directories. At the OS level, running the web application under a service account that can read only its own application and data directories turns a successful traversal into a permission-denied error for files such as system configuration.
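The SI-10 control above comes down to one routine: canonicalize the requested path and confine it to the intended base directory. The following Python is an added example written for this page, not code from Lingdang CRM or its vendor; the base directory /var/www/crm/storage and the file names are hypothetical, and the unsafe_path function is an illustrative vulnerable pattern, not a claim about how the real endpoint is written.

```python
import os
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested file path would leave the allowed directory."""


def unsafe_path(base_dir: str, pathfile: str) -> str:
    # Vulnerable pattern (illustrative, not the vendor's code): the request
    # argument is joined onto the base directory with no validation, so
    # "../../etc/passwd" or an absolute path walks straight out of base_dir.
    return os.path.join(base_dir, pathfile)


def resolve_confined(base_dir: str, pathfile: str) -> str:
    """Return the canonical path for pathfile, or raise if it escapes base_dir."""
    # Decode exactly once. A value that still contains %2e after one decode is
    # a literal file name, not a traversal; it simply will not exist in base_dir.
    decoded = unquote(pathfile)
    if not decoded or "\x00" in decoded:
        raise PathTraversalError("empty path or NUL byte")
    base = os.path.realpath(base_dir)
    # os.path.join discards base when decoded is absolute; realpath then
    # collapses "..", "." and symlinks, so the comparison sees the real target.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{pathfile!r} resolves outside {base}")
    return candidate


def is_confined(base_dir: str, pathfile: str) -> bool:
    """Boolean convenience wrapper around resolve_confined."""
    try:
        resolve_confined(base_dir, pathfile)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    BASE = "/var/www/crm/storage"  # hypothetical directory the endpoint should serve from
    # Constructed sample inputs: one legitimate file, then traversal variants.
    for p in ["qrcode/123.png", "../../../../etc/passwd",
              "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print(f"{p!r}: unsafe -> {unsafe_path(BASE, p)}  confined={is_confined(BASE, p)}")
```

The check compares canonical paths rather than searching for '../', so encoded and mixed-separator variants are handled by the same comparison; the base directory itself is resolved as well, so a symlinked deployment directory does not produce a false rejection.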
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal (CWE-22) in a public-facing CRM web application enables remote arbitrary file read (T1006: Direct Volume Access), exploitation of a public-facing application for initial access (T1190), and collection of data from the CRM as an information repository (T1213.004: Customer Relationship Management Software). Of the three, T1190 describes the exploitation step itself; T1006 and T1213.004 describe what the attacker gains from it.
NVD Description
A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2025-0461 is a path traversal vulnerability (CWE-22) in Shanghai Lingdang Information Technology's Lingdang CRM, affecting versions up to 8.6.0.0. The flaw sits in unidentified code behind /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin, where the pathfile argument is used to locate a file without being confined to the intended directory, so traversal sequences let a caller read files outside it.
The vulnerability is remotely exploitable by an authenticated attacker with low privileges (PR:L), requires no user interaction (UI:N) and has low attack complexity (AC:L); the userid and usid parameters in the affected URL are consistent with an authenticated session context. Successful exploitation yields limited confidentiality impact (C:L): read access to files outside the intended directory, bounded by the file permissions of the web server process, with no integrity or availability impact (I:N/A:N). The CVSS v3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, base score 4.3 (Medium).
VulDB advisories (ctiid.291478, id.291478, submit.474252) document the issue, and a proof-of-concept exploit is publicly available in a GitHub repository (BxYQ/ld/blob/main/downloadSocialPromotionQrcode_fileread.doc). The vendor was notified early but had not responded or issued any patch or mitigation as of the CVE publication on 2025-01-14.
Because the exploit is public and no vendor fix exists, unpatched Lingdang CRM deployments should treat the endpoint as exposed and apply compensating controls, and should review access logs for traversal attempts against it.
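Since the affected endpoint and argument are known, the exploitation described above (and the T1190/T1213.004 behaviour in the ATT&CK section) can be hunted for in web server access logs. The scanner below is an added example for this page, not the vendor's code or the published proof of concept: it parses combined-format access log lines, decodes the pathfile argument (including nested percent-encoding) and flags values that contain a parent-directory hop, start with an absolute path, or carry a NUL byte. The log lines are constructed for the example; the IPs are documentation ranges and the targeted file names are placeholders, not details taken from the real exploit. Matching on the path suffix /crm/weixinmp/index.php alone, rather than on the full parameter set, is an assumption chosen to avoid missing variants.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined"-style access log prefix; enough fields for triage.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# ".." bounded by a slash, backslash or string edge: catches "../", "..\" and "/..".
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

AFFECTED_PATH = "/crm/weixinmp/index.php"  # endpoint named in the NVD description


def decode_repeatedly(value: str, max_rounds: int = 3) -> str:
    """Peel off nested percent-encoding (%252e -> %2e -> .) up to max_rounds times."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target: str):
    """Return the decoded pathfile value if the request looks like a traversal attempt, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith(AFFECTED_PATH):
        return None
    # parse_qs already performs one round of percent-decoding on each value.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("pathfile", []):
        decoded = decode_repeatedly(raw)
        if TRAVERSAL_RE.search(decoded) or decoded.startswith(("/", "\\")) or "\x00" in decoded:
            return decoded
    return None


def scan_log(lines):
    """Return one finding per request whose pathfile argument tries to leave the intended directory."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        suspicious = inspect_request(m["target"])
        if suspicious is not None:
            findings.append({"ip": m["ip"], "ts": m["ts"],
                             "status": m["status"], "pathfile": suspicious})
    return findings


# Constructed sample log: a benign request, a plain traversal, a double-encoded
# traversal, and an unrelated request to a different script.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jan/2025:10:02:11 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin&pathfile=qrcode%2F123.png HTTP/1.1" 200 1843
203.0.113.7 - - [14/Jan/2025:10:02:15 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin&pathfile=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2917
198.51.100.9 - - [14/Jan/2025:10:03:40 +0000] "GET /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin&pathfile=%252e%252e%252f%252e%252e%252fetc%252fhosts HTTP/1.1" 200 512
192.0.2.5 - - [14/Jan/2025:10:05:02 +0000] "GET /crm/index.php?module=Home HTTP/1.1" 200 7788
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} pathfile={hit['pathfile']!r}")
```

A flagged request that returned HTTP 200 with a non-trivial response size is the one to escalate: it suggests the read succeeded. Because the check canonicalizes before matching, the double-encoded line is caught by the same rule as the plain one, which a literal "../" string search on the raw log would miss.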
Details
- CWE(s)