Is there a public PoC exploit available for CVE-2025-11630?

Yes, a public proof-of-concept exploit is available for CVE-2025-11630. Prioritise patching immediately. EPSS: 0.1%.

RainyGao DocSys CVE-2025-11630

Q: What is the CVSS score of CVE-2025-11630?

CVE-2025-11630 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

LOW

Path Traversal (CWE-22)

2025-10-12 cna@vuldb.com

File Upload Path Traversal Docsys

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 02:16 vuln.today

DescriptionCVE.org

A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in RainyGao DocSys up to version 2.02.36 allows authenticated remote attackers to manipulate the 'path' parameter in the updateRealDoc function (/Doc/uploadDoc.do) to write files outside intended directories. The vulnerability affects the file upload component and has publicly available exploit code, though the low CVSS score (2.1) and minimal EPSS (0.12%) indicate limited real-world impact despite confirmed public exploitability.

Technical ContextAI

The vulnerability exists in the file upload functionality of DocSys, specifically in the updateRealDoc function accessible via the /Doc/uploadDoc.do endpoint. CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) indicates insufficient input validation on the 'path' parameter, allowing attackers to traverse directory structures using path traversal sequences (e.g., '../../../'). The CPE cpe:2.3:a:docsys_project:docsys identifies this as affecting the DocSys project application. When processing file uploads, the application fails to sanitize or validate the destination path, permitting an authenticated user to write files to arbitrary locations on the server where the application has write permissions.

RemediationAI

No vendor-released patch has been identified at the time of analysis. Immediate remediation options include: (1) Upgrade DocSys to a version newer than 2.02.36 if available from the vendor (contact RainyGao directly or check their official repository); (2) If upgrade is not possible, restrict network access to the /Doc/uploadDoc.do endpoint to trusted internal networks only, using a reverse proxy, WAF, or firewall rules to block external access; (3) Implement strict input validation on the 'path' parameter by filtering or rejecting any request containing path traversal sequences ('../', '..\', unicode encoding of these sequences); (4) Run the application with minimal file system permissions-ensure the process user cannot write outside the intended upload directory; (5) Monitor file upload activity for suspicious path patterns in logs. The trade-off of network restriction is reduced availability but significantly lower exploitation risk; input filtering may be bypassed if encoding is not comprehensive. Given the unresponsive vendor, consider evaluating alternative file management solutions.

CVE-2025-11630 vulnerability details – vuln.today

Back