CVE-2025-12923 is a path traversal vulnerability identified in liweiyi ChestnutCMS versions 1.5.0 through 1.5.8. The flaw resides in the resourceDownload function within the /dev-api/common/download API endpoint, where the 'path' parameter is insufficiently validated. This allows an attacker with high privileges to craft a request that traverses directories on the server filesystem, potentially accessing sensitive files outside the intended directory scope. The vulnerability is remotely exploitable without user interaction, but requires the attacker to have elevated privileges on the system, which limits the ease of exploitation. The vulnerability has a CVSS 4.0 base score of 5.1 (medium severity), reflecting its moderate impact on confidentiality and limited scope. No known public exploits are currently active, but the public disclosure increases the risk of future exploitation. The vulnerability does not impact integrity or availability directly but poses a confidentiality risk by exposing sensitive server files. No official patches or fixes have been linked yet, so mitigation relies on access controls and input validation until an update is released.

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. Unauthorized access to sensitive files could lead to leakage of intellectual property, customer data, or configuration files containing credentials. Organizations using ChestnutCMS in sectors such as government, finance, healthcare, or critical infrastructure could face regulatory compliance issues under GDPR if personal data is exposed. The requirement for high privileges reduces the likelihood of widespread exploitation but insider threats or compromised accounts could leverage this vulnerability. The absence of known active exploits currently lowers immediate risk but the public disclosure means attackers may develop exploits soon. Disruption to business operations is unlikely, but reputational damage and potential legal consequences from data breaches are significant concerns. European entities relying on ChestnutCMS for content management should assess their exposure and prioritize remediation to mitigate data confidentiality risks.

1. Immediately restrict access to the /dev-api/common/download endpoint to trusted administrators only, using network-level controls such as firewalls or VPNs. 2. Implement strict input validation and sanitization on the 'path' parameter to prevent directory traversal sequences (e.g., '..', '%2e%2e'). 3. Monitor logs for suspicious requests attempting path traversal patterns targeting the vulnerable endpoint. 4. Enforce the principle of least privilege to limit user accounts with high privileges that can exploit this vulnerability. 5. Regularly audit and review user permissions and access controls within ChestnutCMS. 6. Stay alert for official patches or updates from liweiyi and apply them promptly once available. 7. Consider deploying web application firewalls (WAFs) with custom rules to block path traversal attempts. 8. Conduct internal penetration testing to verify the effectiveness of mitigations and identify any residual risks.