Cyber Posture

CVE-2025-7628

MediumPublic PoC

Published: 14 July 2025

Published
14 July 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS Score 0.0054 67.9th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7628 is a medium-severity Path Traversal (CWE-22) vulnerability in Yijiusmile Kkfileviewofficeedit. Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006); ranked in the top 32.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Direct Volume Access (T1006) and 2 other techniques.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation
addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

MITRE ATT&CK Enterprise TechniquesAI

T1006 Direct Volume Access Stealth
Adversaries may directly access a volume to bypass file access controls and file system monitoring.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Path traversal vulnerability in /deleteFile endpoint enables remote arbitrary file deletion, facilitating exploitation of public-facing application (T1190), direct volume access via filesystem path manipulation (T1006), and file deletion (T1070.004).

NVD Description

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to initiate…

more

the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Deeper analysisAI

CVE-2025-7628 is a path traversal vulnerability (CWE-22) in the YiJiuSmile kkFileViewOfficeEdit project, affecting the deleteFile function via the /deleteFile endpoint. The issue impacts versions up to commit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) and was published on 2025-07-14.

Attackers with low privileges (PR:L) can exploit this remotely by manipulating the fileName argument to traverse paths. Successful exploitation results in low-impact integrity (I:L) and availability (A:L) effects, with no confidentiality impact (C:N), potentially allowing deletion of files outside intended directories.

Advisories note the project's rolling release model, providing no specific details on affected or updated versions. The exploit has been publicly disclosed. Relevant resources include the GitHub issue at https://github.com/YiJiuSmile/kkFileViewOfficeEdit/issues/15 and VulDB entries at https://vuldb.com/?ctiid.316329, https://vuldb.com/?id.316329, and https://vuldb.com/?submit.609098. Practitioners should monitor the repository for fixes.

Details

CWE(s)
CWE-22

Affected Products

yijiusmile
kkfileviewofficeedit
≤ 2019-03-19

CVEs Like This One

CVE-2025-7627Same product: Yijiusmile Kkfileviewofficeedit
CVE-2025-2328Shared CWE-22
CVE-2025-66251Shared CWE-22
CVE-2025-6439Shared CWE-22
CVE-2025-14344Shared CWE-22
CVE-2026-6832Shared CWE-22
CVE-2026-34728Shared CWE-22
CVE-2025-65792Shared CWE-22
CVE-2025-1336Shared CWE-22
CVE-2025-66410Shared CWE-22

References