Cyber Resilience

CVE-2025-7627

Severity: Low · Public PoC referenced

Published: 14 July 2025
Modified: 29 April 2026
KEV Added: not listed
Patch: none recorded (rolling release)
CVSS v4 score: 2.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0036 (58.4th percentile)
Risk priority: 4 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-7627 is an Improper Access Control (CWE-284) vulnerability in YiJiuSmile kkFileViewOfficeEdit. This page rates it Low on the strength of its CVSS v4 score of 2.1; the originating advisory carries a CVSS v3.1 base score of 6.3 (Medium) and VulDB's own label is "critical" (see Deeper analysis), so the severity you see depends on which scoring is being quoted.

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 41.6% of CVEs by exploit likelihood (EPSS 58.4th percentile), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

VulDB classifies CVE-2025-7627 as critical, and the advisory assigns it a CVSS v3.1 base score of 6.3 (Medium); the Low rating in the summary above comes from the CVSS v4 score shown on this page, not from the advisory. The flaw affects the YiJiuSmile kkFileViewOfficeEdit project up to commit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It lives in the fileUpload function behind the /fileUpload endpoint, where manipulation of the File argument permits unrestricted file upload. It is tracked under CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type).

The CVSS v3.1 vector describes remote exploitation over the network with low attack complexity and no user interaction, but it requires low privileges (PR:L), that is, an authenticated account on the application. A successful exploit has limited impact on confidentiality, integrity and availability (C:L/I:L/A:L) with scope unchanged: an authenticated user can upload files of arbitrary type, and what that buys an attacker depends on where the file is stored and whether anything on the server will execute or interpret it.

Advisories on VulDB (ctiid.316328, id.316328) and the project's GitHub issue #14 document the flaw; VulDB notes that the exploit has been publicly disclosed and may be used. Because kkFileViewOfficeEdit follows a rolling-release model, no affected or fixed version numbers are published. Practitioners should check the GitHub repository for commits after 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd that touch the fileUpload handler and, until a fix is confirmed, restrict the /fileUpload endpoint with input validation (a file-type allowlist and server-chosen filenames) and access controls on who may call it.


Vulnerability details

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd and classified as critical. Affected by this issue is the function fileUpload of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available.

CWE(s)

CWE-284 Improper Access Control
CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1105 Ingress Tool Transfer (tactic: Command and Control)
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Unrestricted file upload at /fileUpload directly enables arbitrary file ingress (T1105) for further compromise; web shell or initial access mappings are plausible but not explicitly indicated.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-7628 · Same product: Yijiusmile Kkfileviewofficeedit
CVE-2026-5573 · Shared CWE-284, CWE-434
CVE-2025-7880 · Shared CWE-284, CWE-434
CVE-2025-1590 · Shared CWE-284, CWE-434
CVE-2025-1834 · Shared CWE-284, CWE-434
CVE-2026-1107 · Shared CWE-284, CWE-434
CVE-2025-0722 · Shared CWE-284, CWE-434
CVE-2025-2687 · Shared CWE-284, CWE-434
CVE-2026-4221 · Shared CWE-284, CWE-434
CVE-2024-13133 · Shared CWE-284, CWE-434

Affected Assets

Vendor: yijiusmile
Product: kkfileviewofficeedit
Version: ≤ 2019-03-19 (as catalogued here; the advisory itself identifies the affected range by commit, up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly requires validation of uploaded files at the /fileUpload endpoint to reject dangerous types and close the unrestricted-upload flaw.

AC-3 Access Enforcement (prevent)
Enforces the access control policy on the fileUpload function so that only authorized callers and permitted file types get through, addressing the CWE-284/CWE-434 bypass.

Least privilege (prevent; no identifier is given on this page for this control, although the description corresponds to AC-6 Least Privilege)
Limits upload privileges to the minimum required, shrinking the set of authenticated accounts that can reach the remote file-upload vector.
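The validation and access-enforcement controls listed above, together with the unrestricted-upload mechanics described under Deeper analysis, as one worked example. This is illustration code added here, not the project's fileUpload handler and not code from the advisory: the "uploader" role, the allowlist of types and magic bytes, the 20 MiB cap and the sample requests are all assumptions made for the example.

```python
import os
import re
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional

MAX_BYTES = 20 * 1024 * 1024          # assumption: 20 MiB cap per upload

# SI-10 (input validation): allowlist of types the viewer is expected to
# render, each with the leading bytes a genuine file of that type carries.
# The list is an assumption for this example, not the project's own.
ALLOWED_MAGIC = {
    "pdf":  (b"%PDF-",),
    "docx": (b"PK\x03\x04",),
    "xlsx": (b"PK\x03\x04",),
    "pptx": (b"PK\x03\x04",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "jpg":  (b"\xff\xd8\xff",),
}

class UploadRejected(Exception):
    """Raised with a reason string when a request fails a check."""

@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset

def check_authorized(user: Principal) -> None:
    # AC-3 (access enforcement): a logged-in session alone is not enough; the
    # caller must hold a role allowed to upload. The role name is hypothetical.
    if "uploader" not in user.roles:
        raise UploadRejected("forbidden: principal lacks the uploader role")

def safe_basename(declared: str) -> str:
    # Reject any directory component outright rather than trying to clean it.
    if "/" in declared or "\\" in declared:
        raise UploadRejected("filename contains a path separator")
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}", declared):
        raise UploadRejected("filename contains disallowed characters")
    return declared

def check_content_type(base: str, data: bytes) -> str:
    # Type is decided from the final extension AND the file's leading bytes;
    # the client-supplied Content-Type header is never consulted.
    if "." not in base:
        raise UploadRejected("filename has no extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_MAGIC:
        raise UploadRejected(f"extension .{ext} is not on the allowlist")
    if not any(data.startswith(magic) for magic in ALLOWED_MAGIC[ext]):
        raise UploadRejected(f"content does not look like a .{ext} file")
    return ext

def handle_upload(user: Principal, declared_filename: str, data: bytes,
                  dest_root: Optional[str] = None) -> str:
    """Validate an upload and, if dest_root is given, store it there.
    Returns the server-chosen stored name: the client's filename never reaches
    the filesystem, so neither '../' nor a double extension decides where or
    under what name the bytes land."""
    check_authorized(user)
    if not 0 < len(data) <= MAX_BYTES:
        raise UploadRejected("size out of range")
    base = safe_basename(declared_filename)
    ext = check_content_type(base, data)
    stored = f"{secrets.token_hex(16)}.{ext}"
    if dest_root is not None:
        root = os.path.realpath(dest_root)
        path = os.path.realpath(os.path.join(root, stored))
        if not path.startswith(root + os.sep):       # defence in depth
            raise UploadRejected("resolved path escaped the upload root")
        with open(path, "xb") as fh:                 # 'x': never overwrite
            fh.write(data)
    return stored

# Constructed sample requests (not captured traffic): who sent which file.
UPLOADER = Principal("alice", frozenset({"viewer", "uploader"}))
VIEWER = Principal("bob", frozenset({"viewer"}))
SAMPLE_REQUESTS = [
    ("genuine pdf",      UPLOADER, "report.pdf",    b"%PDF-1.7\n%\xe2\xe3\n"),
    ("jsp named as pdf", UPLOADER, "shell.pdf",     b'<%@ page import="java.io.*" %>'),
    ("double extension", UPLOADER, "shell.pdf.jsp", b"%PDF-1.7\n"),
    ("path traversal",   UPLOADER, "../ROOT/x.pdf", b"%PDF-1.7\n"),
    ("viewer role only", VIEWER,   "report.pdf",    b"%PDF-1.7\n"),
    ("empty body",       UPLOADER, "report.pdf",    b""),
]

def run_samples(dest_root: Optional[str] = None) -> dict:
    """Return {label: 'accepted' | 'rejected: <reason>'} for each sample."""
    results = {}
    for label, user, name, data in SAMPLE_REQUESTS:
        try:
            handle_upload(user, name, data, dest_root)
            results[label] = "accepted"
        except UploadRejected as exc:
            results[label] = f"rejected: {exc}"
    return results

def write_and_verify() -> bool:
    # Store the genuine sample in a scratch directory and confirm it landed.
    with tempfile.TemporaryDirectory() as tmp:
        stored = handle_upload(UPLOADER, "report.pdf", b"%PDF-1.7\n", tmp)
        return os.path.isfile(os.path.join(tmp, stored))

if __name__ == "__main__":
    for label, outcome in run_samples().items():
        print(f"{label:18s} -> {outcome}")
    print("write to disk ok:", write_and_verify())
```

The magic-byte check rejects a JSP script saved as shell.pdf, but it is not a polyglot defence: a body that starts with %PDF- and carries JSP after it passes. What keeps such a file from ever executing is that the server picks the stored name and extension and writes it under a directory the application server does not serve as code, which is why those two steps matter more than the allowlist itself.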
