CRITICAL🇵🇱 Wersja polska

CVE-2025-63695

CVSS 9.8v3.1pub. 2025-11-18upd. 2025-11-20

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php/controller.php.

🤖 AI Analysis
How it works

The vulnerability (CWE-434) is located in the /dzz/system/ueditor/php/controller.php script, which handles files uploaded through the UEditor editor. Lack of proper validation of the type and extension of uploaded files allows an attacker to upload an executable file (e.g., a PHP webshell) without needing permissions or user interaction. After successful upload, the malicious file can be executed by the web server.

Impact

An attacker can gain full control over the server through remote code execution (RCE), as well as steal, modify, or destroy data stored in the system (loss of confidentiality, integrity, and availability).

Mitigation & patch

DzzOffice should be updated immediately to a version newer than 2.3.7 as soon as the vendor releases a patch. Until the patch is applied, it is recommended to restrict network access to the /dzz/system/ueditor/php/controller.php endpoint (e.g., through firewall rules or web server configuration) and disable file upload functionality in this feature. Patches available from the vendor should be applied according to the references.

Who is affected

DzzOffice version 2.3.7 and all earlier versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dzzoffice

    APP
    Dzzoffice
    ≤ 2.3.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-63694CRITICAL9.8PL ✓ten sam produkt

SQL Injection w DzzOffice – krytyczna podatność w module zarządzania grupami

CVE-2024-41376HIGH8.8ten sam produkt

dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php.

CVE-2022-43340HIGH8.8ten sam produkt

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user ac...

CVE-2025-63693MEDIUM5.4ten sam produkt

The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security e...

CVE-2024-29273MEDIUM6.1ten sam produkt

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XS...