How to fix CVE-2025-65879?

Within 24 hours: Audit logs for unauthorized file deletion activity and restrict access to the /goods/deleteGoods endpoint to essential personnel only. Within 7 days: Implement WAF rules to block directory traversal patterns in the goodsimg parameter and consider disabling the file deletion feature if not operationally critical. Within 30 days: Evaluate alternative WMS solutions or prepare for vendor patch deployment; conduct full system audit of deleted files and restore from backups if compromise is confirmed.

Is Warehouse Management System affected by CVE-2025-65879?

A HIGH severity vulnerability in Warehouse Management System 1.2 allows authenticated users to delete arbitrary files on affected servers through directory traversal manipulation.

CVE-2025-65879

EUVD-2025-201418 HIGH

2025-12-05 [email protected]

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201418

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 12, 2025 - 12:51 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 17:16 nvd

HIGH 8.1

Description

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.

Analysis

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected Products

Affected products: Yeqifu Warehouse Management System

Remediation

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.9

CVSS: +40

POC: +20

CVE-2025-65879 vulnerability details – vuln.today

Back

CVE-2025-65879

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-65879

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code