CVE-2025-65897
Published: 05 December 2025
Summary
CVE-2025-65897 is a high-severity Path Traversal (CWE-22) vulnerability in Zhaoyachao Zdh Web. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 46.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of file upload paths to block path traversal attacks enabling arbitrary file writes.
Enforces logical access controls to restrict authenticated users from writing files outside authorized directories on the server.
Applies least privilege to the application process, limiting damage from arbitrary file overwrites by restricting write access to sensitive locations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file write via path traversal enables exploitation of remote services (T1210), privilege escalation by overwriting critical files/executables (T1068), and RCE via uploaded web shells or scripts (T1505.003).
NVD Description
zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing…
more
files and leading to privilege escalation or remote code execution.
Deeper analysisAI
CVE-2025-65897 affects zdh_web, an open-source data collection, processing, monitoring, scheduling, and management platform, through version 5.6.17. The vulnerability stems from insufficient validation of file upload paths in the application, enabling authenticated users to write arbitrary files to the server file system. This issue, associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-434 (Comparison of Classes by Name), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for confidentiality, integrity, and availability impacts.
An attacker with low-privilege authenticated access (PR:L) can exploit this over the network (AV:N) with low complexity and no user interaction required. By crafting malicious file upload paths, they can place files in arbitrary locations on the server, overwriting critical system files. This may lead to privilege escalation by modifying configuration files or executables, or remote code execution if suitable files like scripts or binaries are overwritten or uploaded.
Mitigation details are available in the project's GitHub repository at https://github.com/zhaoyachao/zdh_web. A fix appears in commit b2423378a8bf83f159f19ce4e14eac71c939793a, with related discussion in issue #40 and pull request #39, recommending upgrade to a patched version beyond 5.6.17.
Details
- CWE(s)