Is there a public PoC exploit available for CVE-2025-11631?

Yes, a public proof-of-concept exploit is available for CVE-2025-11631. Prioritise patching immediately. EPSS: 0.1%.

RainyGao DocSys CVE-2025-11631

Q: What is the CVSS score of CVE-2025-11631?

CVE-2025-11631 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

LOW

Path Traversal (CWE-22)

2025-10-12 cna@vuldb.com

Path Traversal Docsys

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 02:16 vuln.today

DescriptionCVE.org

A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in RainyGao DocSys up to version 2.02.36 allows authenticated remote attackers to manipulate the path argument in the /Doc/deleteDoc.do endpoint, enabling deletion or access to arbitrary files outside the intended directory. The vulnerability has been publicly disclosed with exploit code available on GitHub, though the vendor has not responded to early disclosure notifications. EPSS exploitation probability is low at 0.11%, and no active exploitation in CISA KEV has been reported.

Technical ContextAI

The vulnerability exploits improper input validation in the deleteDoc.do file operation handler. The path parameter is processed without proper canonicalization or directory boundary enforcement, allowing directory traversal sequences (such as ../ or absolute paths) to be passed directly to the file system API. This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) issue, where user-supplied input to file operations is not validated before being used in filesystem calls. The CPE indicates the vulnerability affects the DocSys product line across multiple versions up to 2.02.36.

RemediationAI

Upgrade RainyGao DocSys to a version newer than 2.02.36 immediately; however, no patched version has been confirmed by the vendor given their lack of response to disclosure. As an interim compensating control, implement strict input validation on the path parameter in deleteDoc.do by enforcing whitelist-based filename/directory restrictions and rejecting any input containing path traversal sequences (../, ..\, or absolute paths). Deploy Web Application Firewall (WAF) rules to block requests to /Doc/deleteDoc.do containing directory traversal patterns. Restrict file system permissions for the DocSys application process to the minimum necessary scope, preventing access to sensitive system directories. Apply authentication and authorization controls to ensure only trusted users can access the /Doc/deleteDoc.do endpoint. Monitor file deletion logs for unexpected activity. Given vendor non-responsiveness, consider evaluating alternative document management solutions if patches are not released within a defined timeframe.

CVE-2025-11631 vulnerability details – vuln.today

Back