Key Information

Vulnerability Overview

- Vulnerability Name: Arbitrary File Deletion Vulnerability (CVE-2025-60730)
- Affected System: PerfreeBlog System
- Official Website: https://perfree.org.cn/
- Download Link: https://gitee.com/PerfreeBlog/PerfreeBlog

Vulnerability Description

- Vulnerability Type: Arbitrary File Deletion
- Vulnerability Impact: Allows deletion of any file on the server

Vulnerable Version

- Affected Version: Latest version 4.0.11

Vulnerability Principle

Related Code:

Issue: In the function, the parameter is used directly without proper validation. It only checks whether the directory or file exists, allowing directory traversal via to delete arbitrary files.

Vulnerability Reproduction Steps

1. Log in to the admin panel and navigate to Theme Management.
2. Uninstall a theme and capture the request packet.
3. Create a file in the root directory.
4. Modify to achieve arbitrary file deletion:
   - Set to:
   - Send the file deletion request:

Result

Successfully deletes any file on the server.
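
The validation that the Issue paragraph describes as missing, shown as an added Java example (not PerfreeBlog's own code): the theme name is treated as a single path component and the resolved directory must sit directly under the themes root before anything is deleted. The class `ThemePathGuard`, the method `resolveThemeDir` and the themes root location are hypothetical names, and the sample names in `main` are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

public class ThemePathGuard {
    // Hypothetical base directory that holds installed themes.
    private final Path themesRoot;

    public ThemePathGuard(Path themesRoot) throws IOException {
        // Resolve symlinks once so later comparisons use the real location.
        this.themesRoot = themesRoot.toRealPath();
    }

    /** Returns the directory that may be deleted, or throws if the name is unsafe. */
    public Path resolveThemeDir(String requestedName) throws IOException {
        if (requestedName == null || requestedName.isEmpty()) {
            throw new SecurityException("empty theme name");
        }
        // A theme name is one path component: no separators, dot segments or NUL.
        if (requestedName.contains("/") || requestedName.contains("\\")
                || requestedName.equals(".") || requestedName.equals("..")
                || requestedName.indexOf('\0') >= 0) {
            throw new SecurityException("invalid theme name");
        }
        Path candidate = themesRoot.resolve(requestedName).normalize();
        // Existence alone proves nothing about location; it is only the first gate.
        if (!Files.isDirectory(candidate, LinkOption.NOFOLLOW_LINKS)) {
            throw new SecurityException("no such theme");
        }
        // Containment check: the real path must be a direct child of the themes root.
        Path real = candidate.toRealPath();
        if (!themesRoot.equals(real.getParent())) {
            throw new SecurityException("theme path escapes themes directory");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("themes"); // constructed sample layout
        Files.createDirectory(root.resolve("default"));
        ThemePathGuard guard = new ThemePathGuard(root);
        System.out.println("allowed: " + guard.resolveThemeDir("default"));
        for (String bad : new String[] {"../secret.txt", "..", "a/../../x"}) {
            try { guard.resolveThemeDir(bad); System.out.println("accepted: " + bad); }
            catch (SecurityException e) { System.out.println("rejected: " + bad); }
        }
    }
}
```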