Path Traversal Vulnerability in JoeyBling Bootplus Affects Remote File Handling
CVE-2025-0703

5.3MEDIUM

Key Information:

Vendor

Joeybling

Status
Bootplus
Vendor
CVE Published:
24 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-0703?

A vulnerability has been identified in JoeyBling's bootplus that allows path traversal due to improper handling in the SysFileController.java file. This flaw may enable attackers to manipulate the argument names, potentially leading to unauthorized access to sensitive files on the server. The vulnerability can be exploited remotely, making it imperative for users to assess the impact and take preventive measures. Since the product does not utilize versioning, details regarding specific affected releases are not available, heightening the urgency for vigilance against potential misuse.

Affected Version(s)

bootplus 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-0703 - Proof of Concept

References

https://vuldb.com/?id.293231
vdb-entrytechnical-description
https://vuldb.com/?ctiid.293231
signaturepermissions-required
https://vuldb.com/?submit.480842
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LVZC3 (VulDB User)
.
CVE-2025-0703 : Path Traversal Vulnerability in JoeyBling Bootplus Affects Remote File Handling