CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Directory traversal vulnerability in Novel Plus before v5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter.
Analysis
CVE-2025-45890 is a critical directory traversal vulnerability in Novel Plus before v5.1.0 that allows unauthenticated remote attackers to execute arbitrary code by manipulating the filePath parameter. The vulnerability has a CVSS score of 9.8 (critical severity) with a network-based attack vector requiring no privileges or user interaction. Given the critical CVSS metrics and remote code execution capability, this vulnerability poses an immediate and severe risk to all unpatched Novel Plus installations and warrants emergency patching.
Technical Context
This vulnerability exploits improper input validation in the filePath parameter handling within Novel Plus, a web application framework. The root cause is classified as CWE-22 (Path Traversal), which occurs when user-supplied input is used to construct file paths without adequate sanitization or canonicalization. Attackers can use directory traversal sequences (e.g., '../', '..\', Unicode encoding, or path normalization bypasses) to escape intended directories and access arbitrary files on the system. The ability to traverse to sensitive locations combined with file read/write operations enables arbitrary code execution, likely through overwriting application files, configuration files, or uploading malicious scripts to executable directories. The vulnerability likely affects the file handling subsystem across multiple endpoints that accept filePath as a parameter without proper validation against path traversal attacks.
Affected Products
Novel Plus versions prior to v5.1.0 are affected. Specific vulnerable versions include all releases up to and including v5.0.x. The CPE string would likely be: cpe:2.3:a:novel_plus:novel_plus:*:*:*:*:*:*:*:* with versions <5.1.0. Affected systems include any deployment running Novel Plus in a web server context (Apache, Nginx, IIS, etc.) with file upload or file handling functionality accessible via HTTP/HTTPS. Organizations using Novel Plus as a content management system, document repository, or file handling service are at highest risk. The vulnerability affects both Linux/Unix and Windows deployments.
Remediation
Immediate actions:
(1) Upgrade all Novel Plus installations to version 5.1.0 or later immediately; this is a critical emergency patch.
(2) If immediate upgrade is impossible, implement emergency mitigations:
    (a) Disable or restrict access to any endpoints accepting filePath parameters using Web Application Firewall (WAF) rules blocking path traversal sequences ('../', '..\', URL encoding variants, Unicode normalization).
    (b) Implement strict input validation on filePath parameters, rejecting any input containing path traversal characters or sequences.
    (c) Run Novel Plus with minimal file system permissions, restricting write access to only necessary directories.
    (d) Enable file integrity monitoring on application directories to detect unauthorized modifications.
(3) Verify patch integrity after upgrade.
(4) Restart all affected services after patching.
(5) Monitor application logs for exploitation attempts using patterns like '../', '..%2f', or other path traversal indicators in filePath parameters.
(6) Conduct post-incident forensics to identify any successful exploitations or file modifications.
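One way to run the log check from step (5), as an added example that is not Novel Plus code or vendor tooling: it decodes each filePath value repeatedly and flags any '..' path segment, so single-encoded, double-encoded and backslash variants are all caught. The combined access log format, the placeholder path /example/endpoint and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed format: combined access log with a quoted request line.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # enough to unwrap double and triple percent-encoding

# Constructed sample lines; /example/endpoint is a placeholder, not a real route.
LOG_PREFIX = '203.0.113.7 - - [01/Jan/2025:00:00:00 +0000] '
SAMPLE_LOG = [f'{LOG_PREFIX}"GET /example/endpoint?{q} HTTP/1.1" 200 0' for q in (
    "filePath=covers/1.png",          # benign
    "filePath=../../x.cfg",           # plain sequence
    "filePath=..%2f..%2fx.cfg",       # percent-encoded separator
    "filePath=..%252f..%252fx.cfg",   # double-encoded separator
    "filePath=..%5c..%5cx.cfg",       # encoded backslash separator
    "filePath=notes/v1..2.txt",       # dots inside a file name, not traversal
    "q=../x",                         # different parameter, ignored
)]


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value: str) -> bool:
    """True if any path segment of the decoded value is exactly '..'."""
    normalized = fully_decode(value).replace("\\", "/")
    return ".." in normalized.split("/")


def suspicious_lines(lines, param="filePath"):
    """Return (line_number, parsed_value) for requests whose `param` traverses."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl applies the first round of percent-decoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and has_traversal(value):
                hits.append((number, value))
    return hits
```

Matching on whole path segments rather than the substring '..' keeps file names such as v1..2.txt from raising alerts; requests that carry filePath in a POST body are not visible in an access log and need application-level logging.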
EUVD-2025-19049