How to fix EUVD-2025-201452?

Within 24 hours: Disable the `/file/showImageByPath` endpoint or restrict access to trusted internal networks only; implement WAF rules to block directory traversal patterns in path parameters; audit logs for exploitation attempts. Within 7 days: Apply network segmentation to isolate the warehouse management system; deploy compensating controls and conduct forensic analysis for unauthorized file access. Within 30 days: Coordinate with vendor for patch release; develop upgrade plan; perform full security assessment of the application.

Is Warehouse Management System affected by EUVD-2025-201452?

A high-severity vulnerability in the warehouse management system version 1.2 allows attackers to read arbitrary files from our servers without authentication, potentially exposing sensitive data such as credentials, configurations, and proprietary information.

EUVD-2025-201452

| CVE-2025-65878 HIGH

2025-12-05 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201452

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 12, 2025 - 12:51 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 17:16 nvd

HIGH 7.5

Description

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.

Analysis

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.

Technical Context

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

Affected Products

Affected products: Yeqifu Warehouse Management System 1.2

Remediation

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.7

CVSS: +38

POC: +20

EUVD-2025-201452 vulnerability details – vuln.today

Back

EUVD-2025-201452

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-201452

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code