CVE-2025-11631
Published: 12 October 2025
Summary
CVE-2025-11631 is a low-severity Path Traversal (CWE-22) vulnerability in Docsys Project Docsys. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); the CVE ranks at the 36.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-11631 is a path traversal vulnerability (CWE-22) in RainyGao DocSys versions up to 2.02.36. The flaw affects an unknown functionality within the /Doc/deleteDoc.do endpoint, where manipulation of the "path" argument enables attackers to traverse directories and access or manipulate files outside the intended scope.
The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). Successful exploitation results in low impacts to integrity (I:L) and availability (A:L) with no confidentiality impact (C:N) and unchanged scope (S:U), as indicated by its CVSS v3.1 base score of 5.4. Authenticated users with minimal access can leverage the path traversal to delete arbitrary files.
Advisories note that the vendor was contacted early about the issue but provided no response, and no patches or official mitigations are available. References, including VulDB entries and GitHub repositories, disclose a public proof-of-concept exploit that demonstrates the arbitrary file deletion capability, which may already be in use by attackers.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-33888
Vulnerability details
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-22 (Path Traversal)
Related Threats: MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in /Doc/deleteDoc.do enables exploitation of a public-facing web application (T1190) for arbitrary remote file deletion (T1070.004), impacting integrity and availability.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of the path argument on /Doc/deleteDoc.do to reject traversal sequences before arbitrary file deletion can occur.
- AC-3 (Access Enforcement): Enforces access-control policy on file-system operations so that even a successfully traversed path cannot result in unauthorized deletion.
- Least privilege for authenticated users: Limits authenticated users to the minimum privileges needed, reducing the ability of low-privilege accounts to delete files outside intended directories.
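The two controls above (validate the path argument, then enforce that the resolved target stays inside the document store) can be implemented as a single containment check that the delete handler calls before touching the file system. The following is an added example written for this page, not DocSys code: it canonicalizes a user-supplied path against a document root and refuses anything that escapes it, then reuses the same check to sweep web-server access logs for rejected requests to /Doc/deleteDoc.do. The endpoint name and the "path" parameter come from the advisory; the document root, the log format and the sample log lines are constructed for illustration.

```python
"""Containment check for a user-supplied document path (the SI-10 / AC-3
mitigations for CVE-2025-11631), plus a log sweep that flags requests to the
delete endpoint whose path argument would have escaped the document root.

Added example, not DocSys code. /Doc/deleteDoc.do and the 'path' parameter
are from the advisory; DOCUMENT_ROOT, LOG_RE and SAMPLE_LOG are constructed.
"""
from __future__ import annotations

import re
from pathlib import Path
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed document store location; in a deployment this is configuration.
DOCUMENT_ROOT = Path("/srv/docsys/files")


def resolve_document(root: Path, user_path: str) -> Path | None:
    """Return the canonical on-disk path for user_path if it stays strictly
    inside root, otherwise None. A delete handler removes only what this
    function returns, so traversal is rejected before any file I/O."""
    # Decode twice so double-encoded separators (%252e%252e%252f) do not
    # survive a single decoding layer in front of this check.
    decoded = unquote(unquote(user_path))
    # NUL bytes truncate paths in some native APIs; never pass them through.
    if "\x00" in decoded:
        return None
    root_real = root.resolve()
    # Treat the value as relative to the root: normalise backslashes and strip
    # leading separators so an absolute path cannot replace the root.
    rel = decoded.replace("\\", "/").lstrip("/")
    # resolve() collapses '..' segments and follows symlinks, so the final
    # containment test is made on the real target, not the textual path.
    candidate = (root_real / rel).resolve()
    if candidate == root_real:
        return None  # never allow deleting the store itself
    try:
        candidate.relative_to(root_real)
    except ValueError:
        return None  # resolved outside the document root
    return candidate


# Constructed access-log lines in combined-log shape (not real DocSys logs).
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Oct/2025:10:01:02 +0000] "GET /Doc/deleteDoc.do?path=reports/old.pdf HTTP/1.1" 200 12
10.0.0.9 - bob [12/Oct/2025:10:02:17 +0000] "GET /Doc/deleteDoc.do?path=..%2F..%2Foutside.txt HTTP/1.1" 200 12
10.0.0.5 - alice [12/Oct/2025:10:03:44 +0000] "GET /Doc/listDoc.do?path=../ HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_traversal_attempts(log_text: str, root: Path,
                            endpoint: str = "/Doc/deleteDoc.do") -> list[tuple[str, str, str]]:
    """Return (user, ip, decoded_path) for each request to `endpoint` whose
    'path' argument fails the containment check above."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != endpoint:
            continue
        # parse_qs performs one round of percent-decoding for us.
        for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
            if resolve_document(root, value) is None:
                hits.append((m["user"], m["ip"], value))
    return hits


if __name__ == "__main__":
    for probe in ("reports/q3.pdf", "../../outside.txt", "%2e%2e/%2e%2e/outside.txt", ""):
        print(repr(probe), "->", resolve_document(DOCUMENT_ROOT, probe))
    for user, ip, value in flag_traversal_attempts(SAMPLE_LOG, DOCUMENT_ROOT):
        print(f"rejected delete by {user} from {ip}: path={value!r}")
```

The check is deliberately run on the resolved target rather than on the textual argument: a denylist of ".." substrings misses encoded and mixed-separator variants, while `relative_to` on the canonical path is exact. The log sweep is scoped to the advisory's endpoint; dropping the `endpoint` filter turns it into a general traversal detector for any handler that takes a path parameter.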