Cyber Resilience

CVE-2025-7628

LowPublic PoC

Published: 14 July 2025

Published
14 July 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0054 68.2th percentile
Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-7628 is a low-severity Path Traversal (CWE-22) vulnerability in Yijiusmile Kkfileviewofficeedit. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006); ranked in the top 31.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-7628 is a path traversal vulnerability (CWE-22) in the YiJiuSmile kkFileViewOfficeEdit project, affecting the deleteFile function via the /deleteFile endpoint. The issue impacts versions up to commit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) and was published on 2025-07-14.

Attackers with low privileges (PR:L) can exploit this remotely by manipulating the fileName argument to traverse paths. Successful exploitation results in low-impact integrity (I:L) and availability (A:L) effects, with no confidentiality impact (C:N), potentially allowing deletion of files outside intended directories.

Advisories note the project's rolling release model, providing no specific details on affected or updated versions. The exploit has been publicly disclosed. Relevant resources include the GitHub issue at https://github.com/YiJiuSmile/kkFileViewOfficeEdit/issues/15 and VulDB entries at https://vuldb.com/?ctiid.316329, https://vuldb.com/?id.316329, and https://vuldb.com/?submit.609098. Practitioners should monitor the repository for fixes.

EU & UK References

Vulnerability details

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to initiate…

more

the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1006 Direct Volume Access Stealth
Adversaries may directly access a volume to bypass file access controls and file system monitoring.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal vulnerability in /deleteFile endpoint enables remote arbitrary file deletion, facilitating exploitation of public-facing application (T1190), direct volume access via filesystem path manipulation (T1006), and file deletion (T1070.004).

CVEs Like This One

CVE-2025-7627Same product: Yijiusmile Kkfileviewofficeedit
CVE-2026-3666Shared CWE-22
CVE-2018-25308Shared CWE-22
CVE-2026-22460Shared CWE-22
CVE-2025-69377Shared CWE-22
CVE-2025-14850Shared CWE-22
CVE-2025-26752Shared CWE-22
CVE-2026-4350Shared CWE-22
CVE-2025-65792Shared CWE-22
CVE-2026-4758Shared CWE-22

Affected Assets

yijiusmile
kkfileviewofficeedit
≤ 2019-03-19

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates the fileName argument on the /deleteFile endpoint to block path traversal sequences before file deletion occurs.

prevent

Enforces authorization checks on file operations so that manipulated fileName values cannot cause deletions outside the intended directory.

prevent

Restricts the application's operating privileges so that even a successful path traversal yields only limited file deletion impact.

References