
CVE-2025-63914 PoC: Cinnamon kotaemon security vulnerability

Associated Vulnerability
Title: Cinnamon kotaemon security vulnerability (CVE-2025-63914)
Description: An issue was discovered in Cinnamon kotaemon 0.11.0. The _may_extract_zip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploading a ZIP bomb could still cause the server to consume excessive resources during decompression. Moreover, if no further files are uploaded afterward, the extracted data could occupy disk space and potentially render the system unavailable. Anyone with permission to upload files can carry out this attack.
Description
Public disclosure and patch for CVE-2025-63914: Zip bomb vulnerability in Cinnamon/kotaemon.
Readme
# CVE-2025-63914

### Summary

The `_may_extract_zip` function fails to enforce limits on ZIP decompression, allowing a malicious ZIP bomb to trigger excessive resource consumption and denial of service.

### Details

The `_may_extract_zip` function in `libs/ktem/ktem/index/file/ui.py` extracts uploaded ZIP files without inspecting their contents or bounding the decompressed size. The contents land in a temporary folder that is cleared before each extraction, but a successfully uploaded ZIP bomb still makes the server spend excessive CPU, memory and disk during decompression. Moreover, because the folder is only cleared when the next upload arrives, the extracted data stays on disk if no further files are uploaded, which can fill the volume and render the system unavailable. Anyone with permission to upload files can carry out this attack.

### PoC

Pull and run the affected 0.11.0 image with:

```
docker run \
--name kotaemon \
-e GRADIO_SERVER_NAME=0.0.0.0 \
-e GRADIO_SERVER_PORT=7860 \
-v /home/kali/ktem_app_data/:/app/ktem_app_data \
-p 7860:7860 -d \
ghcr.io/cinnamon/kotaemon:0.11.0-full
```

Create a highly compressible payload consisting of repeated bytes (a file of zeros deflates at roughly 1000:1), zip it, and upload the archive through kotaemon's file upload.

![img1](images/img1.png)

During extraction the server slows down as decompression consumes CPU and memory; afterwards the size of the temporary directory shows how much inflated data was written to disk.

![img2](images/img2.png)

The disk usage persists until another upload triggers the clearing of the temporary folder, so a single upload is enough to keep the space occupied.

### Impact

An attacker with file-upload privileges can submit a crafted ZIP archive that causes uncontrolled disk, CPU, and memory consumption, leading to service crash or host outage. All released versions up to and including the latest release (0.11.0) are affected.

### Patch

A test ZIP bomb and the corresponding patch for version 0.11.0 are provided in this repository.

**Patch overview:**

- Replace `extractall` with streamed extraction.
- Enforce limits: per-file size, total uncompressed size, and member count.
- Reject encrypted entries and extreme compression ratios.
- Whitelist file extensions.
- Cleanup on errors.
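
The payload-creation step in the PoC and the patch overview above come down to the same code, so here is one added example that serves both. It is not kotaemon's own code and not the patch shipped in this repository: a Python extractor that enforces the limits the overview lists (member count, per-file size, total uncompressed size, compression ratio, encrypted entries, extension whitelist, cleanup on error), exercised against a constructed archive of repeated zero bytes of the kind the PoC uploads. The limit values, the names `safe_extract_zip`, `build_zip`, `demo` and `UnsafeZipError`, and the sample archives are assumptions; the path-traversal guard is standard hardening that the advisory itself does not raise.

```python
import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path

# Illustrative limits (assumed; the page names the kinds of limits, not the values).
MAX_MEMBERS = 100
MAX_FILE_SIZE = 50 * 1024 * 1024    # per-member uncompressed bytes
MAX_TOTAL_SIZE = 200 * 1024 * 1024  # whole archive, uncompressed
MAX_RATIO = 100                     # uncompressed / compressed, per member
ALLOWED_EXTS = {".pdf", ".txt", ".md", ".html", ".docx"}
CHUNK = 64 * 1024


class UnsafeZipError(ValueError):
    """The archive violates one of the limits above."""


def _vet_member(info: zipfile.ZipInfo) -> None:
    """Header-level checks on one entry, run before any byte is inflated."""
    name = info.filename
    # Traversal guard: standard hardening, not something the advisory raises.
    if Path(name).is_absolute() or ".." in Path(name).parts:
        raise UnsafeZipError(f"unsafe path: {name}")
    if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
        raise UnsafeZipError(f"encrypted entry: {name}")
    if info.is_dir():
        return
    if Path(name).suffix.lower() not in ALLOWED_EXTS:
        raise UnsafeZipError(f"extension not allowed: {name}")
    if info.file_size > MAX_FILE_SIZE:
        raise UnsafeZipError(f"member too large: {name} ({info.file_size} bytes)")
    ratio = info.file_size / max(info.compress_size, 1)
    if ratio > MAX_RATIO:
        raise UnsafeZipError(f"compression ratio {ratio:.0f}:1 too high: {name}")


def safe_extract_zip(zip_src, dest_dir: str) -> list:
    """Bounded replacement for extractall(): vet every header, then copy each
    member in chunks while counting real bytes; wipe dest_dir on any error."""
    extracted, declared, written = [], 0, 0
    try:
        with zipfile.ZipFile(zip_src) as zf:
            infos = zf.infolist()
            if len(infos) > MAX_MEMBERS:
                raise UnsafeZipError(f"too many members: {len(infos)}")
            for info in infos:
                _vet_member(info)
                declared += info.file_size
            if declared > MAX_TOTAL_SIZE:
                raise UnsafeZipError(f"declared total {declared} bytes too large")
            for info in infos:
                if info.is_dir():
                    continue
                target = os.path.join(dest_dir, info.filename)
                os.makedirs(os.path.dirname(target), exist_ok=True)
                member_bytes = 0
                with zf.open(info) as src, open(target, "wb") as dst:
                    while chunk := src.read(CHUNK):
                        member_bytes += len(chunk)
                        written += len(chunk)
                        # Headers can lie: re-check the limits on inflated bytes.
                        if member_bytes > info.file_size or written > MAX_TOTAL_SIZE:
                            raise UnsafeZipError(f"inflated size over limit: {info.filename}")
                        dst.write(chunk)
                extracted.append(info.filename)
    except Exception:
        shutil.rmtree(dest_dir, ignore_errors=True)  # cleanup on error
        os.makedirs(dest_dir, exist_ok=True)
        raise
    return extracted


def build_zip(members: dict) -> bytes:
    """Constructed test archive: {name: bytes} deflated into memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Run the extractor over a constructed zip bomb and two other uploads."""
    cases = {
        # 8 MiB of zero bytes deflates at roughly 1000:1, the trick the PoC relies on.
        "bomb": build_zip({"bomb.txt": b"\0" * (8 * 1024 * 1024)}),
        "benign": build_zip({"notes.txt": bytes(range(32, 127)) * 3}),
        "bad_ext": build_zip({"payload.exe": b"MZ" + b"\0" * 64}),
    }
    results = {}
    for label, data in cases.items():
        dest = tempfile.mkdtemp(prefix="ktem_")
        try:
            results[label] = ("extracted", safe_extract_zip(io.BytesIO(data), dest))
        except UnsafeZipError as exc:
            # After a rejection the temp dir must be empty again.
            results[label] = ("rejected", str(exc), os.listdir(dest))
        finally:
            shutil.rmtree(dest, ignore_errors=True)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Running the module rejects the zero-filled archive on the declared compression ratio before a single byte is inflated, rejects the `.exe` member on the whitelist, and extracts the benign text file; in every rejection the destination directory is left empty, which is the property the original `extractall` call lacks.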

File Snapshot

```
[4.0K] /data/pocs/0dbd83c98aaab05660f41a2726823d59e0912331
├── [ 10M] bomb.zip
├── [4.0K] images
│   ├── [113K] img1.png
│   └── [ 38K] img2.png
├── [8.4K] kotaemon.patch
└── [2.1K] README.md

2 directories, 5 files
```