Q: What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: Path Traversal in Oxidized Web < 0.15.0. 🔥 **Consequences**: Attackers control the Linux user account running the service via the RANCID migration page. Full system compromise possible.

Q: Root Cause? (CWE/Flaw)

🛡️ **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory. ⚠️ **Flaw**: Unvalidated user input in the migration feature allows directory traversal, leading to unauthorized file access or execution.

Q: Who is affected? (Versions/Components)

📦 **Product**: Oxidized Web (Web UI + RESTful API for Oxidized). 👥 **Affected**: Versions **0.15.0 and earlier**. 🏢 **Vendor**: ytti (Personal Developer).

Q: Is it fixed officially? (Patch/Mitigation)

🔧 **Fixed**: Yes. 📌 **Version**: **0.15.0**. 🔗 **Release**: [GitHub Release 0.15.0](https://github.com/ytti/oxidized-web/releases/tag/0.15.0). ✅ **Action**: Upgrade immediately.

Q: Is it urgent? (Priority Suggestion)

🚨 **Priority**: **CRITICAL**. ⏳ **Urgency**: Immediate. 📉 **Risk**: Remote Code Execution/Full Compromise. 💡 **Advice**: Patch now. Do not wait.

Question 1

What is this vulnerability? (Essence + Consequences)

Accepted Answer

🚨 **Essence**: Path Traversal in Oxidized Web < 0.15.0.
🔥 **Consequences**: Attackers control the Linux user account running the service via the RANCID migration page. Full system compromise possible.

Question 2

Root Cause? (CWE/Flaw)

Accepted Answer

🛡️ **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory.
⚠️ **Flaw**: Unvalidated user input in the migration feature allows directory traversal, leading to unauthorized file access or execution.

Question 3

Who is affected? (Versions/Components)

Accepted Answer

📦 **Product**: Oxidized Web (Web UI + RESTful API for Oxidized).
👥 **Affected**: Versions **0.15.0 and earlier**.
🏢 **Vendor**: ytti (Personal Developer).

Question 4

What can hackers do? (Privileges/Data)

Accepted Answer

💀 **Privileges**: Runs as the `oxidized-web` Linux user.
📂 **Data**: Can read/write files outside intended directories.
⚡ **Impact**: High (CVSS H).…

Question 5

Is exploitation threshold high? (Auth/Config)

Accepted Answer

🔓 **Auth**: None Required (PR:N).
🌐 **Network**: Remote (AV:N).
🧩 **Complexity**: High (AC:H).
👀 **UI**: None Required (UI:N).…

Question 6

Is there a public Exp? (PoC/Wild Exploitation)

Accepted Answer

💻 **PoC Available**: Yes.
🔗 **Link**: [fatkez/CVE-2025-27590](https://github.com/fatkz/CVE-2025-27590).
⚠️ **Note**: PoC describes Command Injection via Multipart Form Upload (`cloginrc`/`file1`).…

Question 7

How to self-check? (Features/Scanning)

Accepted Answer

🔍 **Check**: Scan for Oxidized Web instances.
🧪 **Test**: Attempt RANCID migration with malicious path traversal payloads (e.g., `../../etc/passwd`).…

Question 8

Is it fixed officially? (Patch/Mitigation)

Accepted Answer

🔧 **Fixed**: Yes.
📌 **Version**: **0.15.0**.
🔗 **Release**: [GitHub Release 0.15.0](https://github.com/ytti/oxidized-web/releases/tag/0.15.0).
✅ **Action**: Upgrade immediately.

Question 9

What if no patch? (Workaround)

Accepted Answer

🚫 **No Patch?**: Disable the RANCID migration page if possible.
🛡️ **Mitigation**: Restrict network access to the Web UI.…

Question 10

Is it urgent? (Priority Suggestion)

Accepted Answer

🚨 **Priority**: **CRITICAL**.
⏳ **Urgency**: Immediate.
📉 **Risk**: Remote Code Execution/Full Compromise.
💡 **Advice**: Patch now. Do not wait.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-27590 — AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

Q2Root Cause? (CWE/Flaw)

Q3Who is affected? (Versions/Components)

Q4What can hackers do? (Privileges/Data)

Q5Is exploitation threshold high? (Auth/Config)

Q6Is there a public Exp? (PoC/Wild Exploitation)

Q7How to self-check? (Features/Scanning)

Q8Is it fixed officially? (Patch/Mitigation)

Q9What if no patch? (Workaround)

Q10Is it urgent? (Priority Suggestion)

Continue exploring