CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
Analysis
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.
Technical Context
This vulnerability is rooted in CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), a common weakness in error handling and information disclosure. The underlying issue occurs in DM Corporative CMS's file handling mechanism within the webroot/file directory. When the application receives requests for non-existent files, it likely returns unfiltered error messages containing absolute filesystem paths (e.g., /var/www/html/webroot/file/nonexistent.txt), rather than generic error responses. This path disclosure occurs at the web application layer where error pages are rendered without sanitization. The vulnerability affects web-accessible file operations and suggests inadequate input validation or error suppression in the file request handler. The network-based attack vector (AV:N) indicates the flaw is exploitable remotely without any special access, and the lack of authentication requirement (PR:N) makes this particularly dangerous for reconnaissance.
Affected Products
DM Corporative CMS (all versions not explicitly patched). The CVE description does not provide specific version numbers or CPE strings from the vendor. Typical CPE pattern would be: cpe:2.4:a:dm_corporative:dm_corporative_cms:*:*:*:*:*:*:*:*. Affected installations include any deployment with DM Corporative CMS serving the webroot/file directory accessible to unauthenticated users. No vendor advisory link is provided in the data supplied; security teams should check the DM Corporative security advisories page for official patches and affected version ranges.
Remediation
1) **Patching**: Apply the latest security patch from DM Corporative immediately once released. Monitor vendor security advisories for CVE-2025-40662-specific patches.
2) **Error Suppression**: Configure the application to return generic HTTP 404 error pages without revealing absolute paths in error messages or server headers.
3) **Access Control**: Restrict access to the webroot/file directory at the web server level (nginx/Apache) to authenticated users only if possible.
4) **Web Application Firewall (WAF)**: Deploy rules to detect and block requests to non-existent files in /file/ paths and scrub absolute paths from responses.
5) **Monitoring**: Enable logging of file requests to detect reconnaissance activity targeting the /file/ directory.
6) **Workaround**: If patching is delayed, implement a reverse proxy or WAF rule that strips filesystem path information from HTTP responses before reaching clients.

Consult DM Corporative's official security advisory (to be released) for version-specific patch URLs and timelines.
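As an added example (not code from DM Corporative or from this advisory), the Python below implements the response scrubbing described in steps 2, 4 and 6 and the log monitoring described in step 5. The `/file/` URL prefix, the combined access-log format and the list of Unix root directories are assumptions; the sample response body and log lines are constructed.

```python
import re
from collections import Counter

# Absolute filesystem paths. The Unix root list is an assumption; extend it for
# your hosts. Windows paths that contain spaces are only matched up to the space.
ABS_PATH = re.compile(
    r"(?<![\w./])/(?:var|srv|home|opt|usr|etc|tmp)(?:/[\w.\-]+)+"  # skip URL paths
    r"|\b[A-Za-z]:\\(?:[\w.\-]+\\)*[\w.\-]+"
)

def scrub_paths(body: str) -> str:
    """Replace absolute filesystem paths in an error body with a placeholder."""
    return ABS_PATH.sub("[path removed]", body)

# Combined log format: client, ident, user, [time], "METHOD URL PROTO", status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def flag_file_probing(lines, prefix="/file/", threshold=3):
    """Return {client: count} for clients with >= threshold 404s under prefix."""
    misses = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m and m.group(3) == "404" and prefix in m.group(2):
            misses[m.group(1)] += 1
    return {ip: n for ip, n in misses.items() if n >= threshold}

# Constructed sample data (documentation IP ranges, invented file names).
SAMPLE_BODY = "Warning: file not found: /var/www/html/webroot/file/nonexistent.txt on line 12"
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2025:10:00:01 +0000] "GET /file/a.txt HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [10/Jun/2025:10:00:02 +0000] "GET /file/b.txt HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [10/Jun/2025:10:00:03 +0000] "GET /file/c.txt HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.4 - - [10/Jun/2025:10:01:00 +0000] "GET /file/logo.png HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.4 - - [10/Jun/2025:10:01:05 +0000] "GET /file/old.pdf HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.4 - - [10/Jun/2025:10:01:09 +0000] "GET /missing HTTP/1.1" 404 512 "-" "-"',
]

if __name__ == "__main__":
    print(scrub_paths(SAMPLE_BODY))
    print(flag_file_probing(SAMPLE_LOG))
```

The scrubber belongs in whatever layer sees the final response body (application error handler, reverse proxy filter); the threshold for the log check should be tuned against normal 404 rates for the site.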
EUVD-2025-17647