CVE-2025-11630
Published: 12 October 2025
Summary
CVE-2025-11630 is a low-severity Path Traversal (CWE-22) vulnerability in Docsys Project Docsys. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-11630 is a path traversal vulnerability (CWE-22) in RainyGao DocSys versions up to 2.02.36. The issue affects the updateRealDoc function within the /Doc/uploadDoc.do endpoint of the File Upload component, where manipulation of the path argument allows attackers to traverse directories outside the intended upload location.
The vulnerability has a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity. It can be exploited remotely by an authenticated user with low privileges, requiring no user interaction. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as unauthorized file access, modification, or deletion via directory traversal during file uploads.
VulDB advisories (ctiid.328042, id.328042, submit.664845) document the issue, noting that an exploit has been publicly disclosed on GitHub. The vendor was contacted early regarding disclosure but provided no response, and no patches or official mitigations are available from the references.
The public exploit availability increases the risk of immediate exploitation in affected environments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-33885
Vulnerability details
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely.…
more
The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability in public-facing web application upload endpoint enables exploitation of public-facing application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation and sanitization of the path argument in /Doc/uploadDoc.do to reject traversal sequences before file operations occur.
Enforces access-control policy on the upload endpoint so that only authorized paths within the intended directory may be written.
Limits the privileges of authenticated users so that even successful traversal yields minimal additional file-system access.