FKIE_CVE-2025-25284

Vulnerability from fkie_nvd - Published: 2025-02-18 19:15 - Updated: 2025-02-18 19:15
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project's WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, when processing VRT (Virtual Format) files, does not properly validate file paths referenced in the VRTRasterBand element, allowing attackers to read arbitrary files on the system. The vulnerability exists because the service doesn't properly sanitize the SourceFilename parameter in VRT files, allowing relative path traversal sequences (../). When combined with VRT's raw data handling capabilities, this allows reading arbitrary files as raw binary data and converting them to TIFF format, effectively exposing their contents. This vulnerability is particularly severe because it allows attackers to read sensitive system files, potentially exposing configuration data, credentials, or other confidential information stored on the server. An unauthenticated attacker can read arbitrary files from the system through path traversal, potentially accessing sensitive information such as configuration files, credentials, or other confidential data stored on the server. The vulnerability requires no authentication and can be exploited remotely through the WPS service. This issue has been addressed in commit `5f155a8` and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
security-advisories@github.comhttps://github.com/ZOO-Project/ZOO-Project/commit/5f155a8
security-advisories@github.comhttps://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-8c27-wmvv-3p38
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project\u0027s WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal. Specifically, the Gdal_Translate service, when processing VRT (Virtual Format) files, does not properly validate file paths referenced in the VRTRasterBand element, allowing attackers to read arbitrary files on the system. The vulnerability exists because the service doesn\u0027t properly sanitize the SourceFilename parameter in VRT files, allowing relative path traversal sequences (../). When combined with VRT\u0027s raw data handling capabilities, this allows reading arbitrary files as raw binary data and converting them to TIFF format, effectively exposing their contents. This vulnerability is particularly severe because it allows attackers to read sensitive system files, potentially exposing configuration data, credentials, or other confidential information stored on the server. An unauthenticated attacker can read arbitrary files from the system through path traversal, potentially accessing sensitive information such as configuration files, credentials, or other confidential data stored on the server. The vulnerability requires no authentication and can be exploited remotely through the WPS service. This issue has been addressed in commit `5f155a8` and all users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "ZOO-Project es una plataforma de procesamiento de c\u00f3digo abierto, publicada bajo la licencia MIT/X11. Una vulnerabilidad en la implementaci\u00f3n de WPS (Web Processing Service) del proyecto ZOO permite el acceso no autorizado a archivos fuera del directorio previsto a trav\u00e9s de path traversal. En concreto, el servicio Gdal_Translate, al procesar archivos VRT (Virtual Format), no valida correctamente las rutas de archivo a las que se hace referencia en el elemento VRTRasterBand, lo que permite a los atacantes leer archivos arbitrarios en el sistema. La vulnerabilidad existe porque el servicio no desinfecta correctamente el par\u00e1metro SourceFilename en los archivos VRT, lo que permite secuencias de navegaci\u00f3n por path traversal (../). Cuando se combina con las capacidades de gesti\u00f3n de datos sin procesar de VRT, esto permite leer archivos arbitrarios como datos binarios sin procesar y convertirlos a formato TIFF, exponiendo de manera efectiva su contenido. Esta vulnerabilidad es particularmente grave porque permite a los atacantes leer archivos sensibles del sistema, lo que potencialmente expone datos de configuraci\u00f3n, credenciales u otra informaci\u00f3n confidencial almacenada en el servidor. Un atacante no autenticado puede leer archivos arbitrarios del sistema a trav\u00e9s de path traversal, lo que podr\u00eda permitirle acceder a informaci\u00f3n confidencial, como archivos de configuraci\u00f3n, credenciales u otros datos confidenciales almacenados en el servidor. La vulnerabilidad no requiere autenticaci\u00f3n y se puede explotar de forma remota a trav\u00e9s del servicio WPS. Este problema se ha solucionado en el commit `5f155a8` y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
    }
  ],
  "id": "CVE-2025-25284",
  "lastModified": "2025-02-18T19:15:28.797",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-18T19:15:28.797",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/ZOO-Project/ZOO-Project/commit/5f155a8"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/ZOO-Project/ZOO-Project/security/advisories/GHSA-8c27-wmvv-3p38"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.