Cyber Resilience

CVE-2025-0461

Medium

Published: 14 January 2025

Modified: 28 August 2025
CVSS v4 Score: 5.3
CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0139 (80.8th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0461 is a medium-severity Path Traversal (CWE-22) vulnerability in 51Mis Lingdang Crm. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006). The CVE ranks in the top 19.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0461 is a path traversal vulnerability, tracked under CWE-22, that affects Shanghai Lingdang Information Technology Lingdang CRM versions up to 8.6.0.0. The issue exists in the handling of the pathfile argument within the endpoint /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin, allowing an attacker to manipulate file paths and access resources outside the web root.

An authenticated remote attacker with low privileges can exploit the flaw to read arbitrary files on the server. Publicly available exploit details have been released, and the vendor did not respond to early disclosure notification. The CVSS 4.0 score is 5.3, reflecting limited impact confined to confidentiality.

The EPSS score stands at 0.0139 with no material change from its recorded peak. Details appear in VulDB entries and a GitHub repository containing disclosure documentation.

Vulnerability details

A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1006 Direct Volume Access (Stealth)
Adversaries may directly access a volume to bypass file access controls and file system monitoring.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.004 Customer Relationship Management Software (Collection)
Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information.

Why these techniques?

Path traversal (CWE-22) in a public-facing CRM web application enables remote arbitrary file read (T1006: Direct Volume Access), exploitation of a public-facing application for initial access (T1190), and collection of data from a CRM information repository (T1213.004).

CVEs Like This One

CVE-2025-0462 (same product: 51Mis Lingdang Crm)
CVE-2025-9140 (same product: 51Mis Lingdang Crm)
CVE-2025-0463 (same product: 51Mis Lingdang Crm)
CVE-2025-2708 (shared CWE-22)
CVE-2025-14224 (shared CWE-22)
CVE-2025-14704 (shared CWE-22)
CVE-2025-13816 (shared CWE-22)
CVE-2025-7628 (shared CWE-22)
CVE-2025-64075 (shared CWE-22)
CVE-2024-53537 (shared CWE-22)

Affected Assets

Vendor: 51mis
Product: lingdang crm
Version: 8.6.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: SI-10 directly prevents path traversal by requiring validation of the pathfile argument to reject traversal sequences like '../'.

Prevent: SI-2 mandates timely identification and remediation of flaws like this path traversal vulnerability through patching or workarounds.

Prevent: AC-3 enforces access control policies to limit file reads to authorized directories, mitigating unauthorized access via path traversal.
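
The following is an added example, not code from this page or from the vendor, showing one way to combine the input validation described under SI-10 with the directory restriction described under AC-3. The names resolve_contained and PathRejected and the sample directory are hypothetical, and how Lingdang CRM itself consumes the pathfile argument is not known from this page.

```python
import os
from urllib.parse import unquote


class PathRejected(ValueError):
    """Raised when a requested path fails validation or containment."""


def resolve_contained(base_dir: str, pathfile: str) -> str:
    """Return the real path of `pathfile` only if it stays inside base_dir."""
    # SI-10: peel URL-encoding layers so "%252e%252e" is judged as "..".
    decoded = pathfile
    for _ in range(3):
        peeled = unquote(decoded)
        if peeled == decoded:
            break
        decoded = peeled
    else:
        raise PathRejected("too many encoding layers")
    if not decoded or "\x00" in decoded:
        raise PathRejected("empty value or NUL byte")
    segments = decoded.replace("\\", "/").split("/")
    if segments[0] == "" or ":" in segments[0]:
        raise PathRejected("absolute path or drive prefix")
    if ".." in segments:
        raise PathRejected("traversal segment")
    # AC-3: compare real paths, so a symlink inside base_dir that points
    # elsewhere, or a sibling such as base_dir + "_private", is refused.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *segments))
    if os.path.commonpath([base, target]) != base:
        raise PathRejected("resolves outside the permitted directory")
    return target


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()  # constructed sample directory
    open(os.path.join(base, "report.txt"), "w").close()
    for value in ("report.txt", "../etc/hostname", "%2e%2e%2fetc/hostname"):
        try:
            print(value, "->", resolve_contained(base, value))
        except PathRejected as exc:
            print(value, "-> rejected:", exc)
```

The syntactic checks alone miss symlinks and the real-path check alone gives poor rejection reasons for logging, which is why the example applies both.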
