
PerfreeBlog CVE-2025-60729

Severity: MEDIUM (CVSS 3.1 base score 5.3, source: mitre)
Weakness: Buffer Over-read (CWE-126)
Published: 2025-10-24, assigner cve@mitre.org

Severity by source

Vendor (mitre), primary rating: 5.3 MEDIUM
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

vuln.today AI: 5.3 MEDIUM
Network-exploitable path traversal requiring no authentication or user interaction. C:L reflects a constrained file-read scope in the absence of evidence of unrestricted filesystem access. If the public PoC or your own testing shows that any file readable by the application process can be retrieved (application configuration holding database credentials is the usual target), Confidentiality should be rated High, which raises the CVSS 3.1 base score to 7.5.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS Vector (Vendor: mitre)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1. Analysis Generated: Jul 05, 2026 04:16 (vuln.today)

Description (CVE.org)

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function.

Analysis (AI)

An arbitrary file read in PerfreeBlog v4.0.11 allows unauthenticated remote attackers to read files outside the intended theme directory by bypassing the path validation in the validThemeFilePath function. The flaw is network-exploitable with no authentication or user interaction, and a researcher-authored proof-of-concept is public on GitHub (referenced under Remediation). CISA KEV records no active exploitation, and the EPSS score of 0.33% indicates little observed exploitation activity despite the PoC. The practical impact depends on what the process can read: configuration files with database credentials or session secrets turn a file read into a foothold for further compromise, so the C:L rating should be revisited once the read scope is confirmed.

Technical Context (AI)

PerfreeBlog is a Java-based blogging platform developed by Perfree (perfree.org.cn), identified via CPE cpe:2.3:a:perfree:perfreeblog:4.0.11. The vulnerability resides in the validThemeFilePath function, which validates file paths when theme-related assets are served. The assigned CWE is CWE-126 (Buffer Over-read), which appears to be a mislabeling: the described impact, arbitrary file read via a path validation bypass, matches CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, i.e. path traversal), and a buffer over-read is a memory-safety defect that ordinary Java code does not exhibit. Treat the discrepancy as an NVD or reporter tagging error with no bearing on the actual risk. The page does not document the exact flaw. The typical root causes for a validator of this kind are testing the raw request string for a traversal substring such as ../ instead of the canonicalized path, inspecting a value that is URL-decoded again later (so %2e%2e never matches), or resolving the user-supplied segment against the theme root without confirming that the normalized result still lies under that root (in java.nio, Path.resolve returns an absolute argument unchanged). Any of these lets a request escape the intended theme directory and read other files the application process can access.
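The following Java program is an added illustration and not PerfreeBlog's code: the page does not show how validThemeFilePath is implemented, so the weak validator below is a hypothetical stand-in for the kind of check that fails in the ways described above, placed beside a hardened version that canonicalizes before checking containment. The theme root /opt/perfree/themes, the class and method names, and the sample requests are all assumptions for the demonstration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.function.Supplier;

public class ThemePathCheck {
    // Assumed theme directory for the illustration; PerfreeBlog's real layout is not documented here.
    static final Path THEME_ROOT = Paths.get("/opt/perfree/themes").toAbsolutePath().normalize();

    // Weak validator (hypothetical): denylists one spelling of traversal, then trusts Path.resolve.
    // Two defects: the substring test runs on the raw string, so any encoding that is decoded
    // later slips past it, and Path.resolve(other) returns `other` unchanged when it is absolute,
    // so "/etc/passwd" contains no "../" yet resolves straight out of THEME_ROOT.
    static Path weakValidThemeFilePath(String requested) {
        if (requested.contains("../")) {
            throw new IllegalArgumentException("traversal sequence rejected: " + requested);
        }
        return THEME_ROOT.resolve(requested);
    }

    // Hardened validator: resolve, canonicalize with normalize(), then test containment on the
    // result rather than on the input. The root itself is rejected too, since a file is expected.
    static Path strictValidThemeFilePath(String requested) {
        Path candidate = THEME_ROOT.resolve(requested).normalize();
        if (candidate.equals(THEME_ROOT) || !candidate.startsWith(THEME_ROOT)) {
            throw new IllegalArgumentException("path escapes theme root: " + requested);
        }
        return candidate;
    }

    // Runs one validator and reports whether it accepted the request and where it resolved to.
    static String outcome(Supplier<Path> check) {
        try {
            return "ALLOW  " + check.get();
        } catch (IllegalArgumentException e) {
            return "REJECT";
        }
    }

    public static void main(String[] args) {
        // Constructed sample requests: one legitimate theme asset and three traversal attempts.
        List<String> requests = List.of(
                "default/css/style.css",
                "../../etc/passwd",
                "default/../../../etc/passwd",
                "/etc/passwd");
        for (String requested : requests) {
            System.out.printf("%-30s weak: %-45s strict: %s%n",
                    requested,
                    outcome(() -> weakValidThemeFilePath(requested)),
                    outcome(() -> strictValidThemeFilePath(requested)));
        }
    }
}
```

Running it shows the weak validator rejecting the two inputs that literally contain ../ but accepting /etc/passwd, which resolves to exactly that path outside the theme root; the strict validator accepts only default/css/style.css. Path.normalize() is purely lexical, so before actually opening the file a production validator should additionally call toRealPath() on the candidate and re-check startsWith against the real theme root: that defeats a symlink planted inside the theme directory (for instance via a theme upload) that points elsewhere on disk.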

Remediation (AI)

No vendor-released patch has been identified at the time of analysis; no fixed version number appears in the available reference data. The NVD references are a researcher-authored PoC document in the GitHub repository (https://github.com/dengxmenglihua/cve/blob/main/PerfreeBlog/File%20Read/Arbitrary%20File%20Read%20Vulnerability%20in%20PerfreeBlog%20System.md) and the vendor site (https://perfree.org.cn/); neither cites a patched release. Administrators should check the official Perfree release page for updates beyond 4.0.11. Sites that build from source can correct the validator directly: resolve the requested name against the theme root, normalize the result, and reject anything that does not remain under that root.

Until a fix is deployed, three compensating controls apply. First, restrict network access to the theme file serving endpoints at the reverse proxy or WAF layer and block traversal patterns (../, %2e%2e, double- and mixed-encoding variants, and backslashes on Windows hosts) in file path parameters. Trade-off: such rules produce false positives on legitimate theme requests with unusual path structures, and an encoding the rule does not anticipate bypasses them, so they buy time rather than close the bug. Second, run the PerfreeBlog process under a dedicated low-privilege OS user whose read access is limited to what the application needs (its own installation, the web root and the theme directories), so that a successful read cannot reach other services' configuration or credentials. Third, disable theme file preview or upload functionality where it is not operationally required; that removes the vulnerable endpoint entirely.
