CVE-2025-65879

HighPublic PoC

Published: 05 December 2025

Published

05 December 2025

Modified

12 December 2025

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0067 71.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65879 is a high-severity Path Traversal (CWE-22) vulnerability in Yeqifu Warehouse Management System. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 requires validation mechanisms for the user-controlled goodsimg parameter to prevent directory traversal payloads from enabling arbitrary file deletion.

SI-9 Information Input Restrictions good match

prevent

SI-9 enforces input restrictions at application boundaries to block traversal characters like '../' in the goodsimg parameter.

AC-3 Access Enforcement partial match

prevent

AC-3 enforces access control policies that restrict file deletion operations to only intended resources, addressing improper pathname limitations.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1070.004 File Deletion Stealth

Adversaries may delete files left behind by the actions of their intrusion activity.

attack.mitre.org →

T1485 Data Destruction Impact

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

attack.mitre.org →

Why these techniques?

The vulnerability allows authenticated arbitrary file deletion via path traversal in a public-facing web application endpoint, enabling exploitation of public-facing applications (T1190), indicator removal via file deletion (T1070.004, T1107), and data destruction (T1485) including logs, configs, and critical files for DoS.

NVD Description

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary…

files on the server by supplying directory traversal payloads.

Deeper analysisAI

CVE-2025-65879 is an authenticated arbitrary file deletion vulnerability in Warehouse Management System version 1.2. The flaw occurs in the /goods/deleteGoods endpoint, where the user-controlled goodsimg parameter is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without any validation. This allows directory traversal payloads to target files outside the intended upload directory.

A remote authenticated attacker with low privileges (PR:L) can exploit the vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation enables the deletion of arbitrary files on the server, resulting in high impacts to integrity (I:H) and availability (A:H), but no confidentiality loss (C:N). The vulnerability carries a CVSS v3.1 base score of 8.1 and is associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).

Mitigation details are available in the referenced advisory at https://github.com/W000i/vuln/issues/3, published on 2025-12-05.