CVE-2025-7628
Published: 14 July 2025
Summary
CVE-2025-7628 is a low-severity Path Traversal (CWE-22) vulnerability in Yijiusmile Kkfileviewofficeedit. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Direct Volume Access (T1006); ranked in the top 31.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-7628 is a path traversal vulnerability (CWE-22) in the YiJiuSmile kkFileViewOfficeEdit project, affecting the deleteFile function via the /deleteFile endpoint. The issue impacts versions up to commit 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) and was published on 2025-07-14.
Attackers with low privileges (PR:L) can exploit this remotely by manipulating the fileName argument to traverse paths. Successful exploitation results in low-impact integrity (I:L) and availability (A:L) effects, with no confidentiality impact (C:N), potentially allowing deletion of files outside intended directories.
Advisories note the project's rolling release model, providing no specific details on affected or updated versions. The exploit has been publicly disclosed. Relevant resources include the GitHub issue at https://github.com/YiJiuSmile/kkFileViewOfficeEdit/issues/15 and VulDB entries at https://vuldb.com/?ctiid.316329, https://vuldb.com/?id.316329, and https://vuldb.com/?submit.609098. Practitioners should monitor the repository for fixes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21381
Vulnerability details
A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to initiate…
more
the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal vulnerability in /deleteFile endpoint enables remote arbitrary file deletion, facilitating exploitation of public-facing application (T1190), direct volume access via filesystem path manipulation (T1006), and file deletion (T1070.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Validates the fileName argument on the /deleteFile endpoint to block path traversal sequences before file deletion occurs.
Enforces authorization checks on file operations so that manipulated fileName values cannot cause deletions outside the intended directory.
Restricts the application's operating privileges so that even a successful path traversal yields only limited file deletion impact.