CVE-2025-13875: Path Traversal in Yohann0617 oci-helper
A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Manipulating the argument File can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-13875 identifies a path traversal vulnerability in the oci-helper utility developed by Yohann0617, specifically in versions 3.2.0 through 3.2.4. The vulnerability resides in the addCfg function within the OCI Configuration Upload component, implemented in the OciServiceImpl.java source file. This flaw allows an attacker to manipulate the file argument passed to the function, enabling traversal outside the intended directory structure. Such manipulation can lead to unauthorized reading or potentially overwriting of arbitrary files on the host system. The attack vector is remote, requiring no user interaction, but does require low-level privileges (PR:L) on the system. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low impact on confidentiality, integrity, and availability. Although the vendor was notified early, they have not issued any patches or advisories, and no known exploits have been observed in the wild yet. The availability of proof-of-concept exploit code increases the risk of future exploitation. This vulnerability is particularly concerning for environments that rely on oci-helper for managing OCI configurations, as it could allow attackers to access sensitive configuration files or system files, potentially leading to further compromise.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized disclosure of sensitive configuration files or system data, impacting confidentiality and integrity. Organizations using oci-helper in their cloud infrastructure management or container orchestration pipelines may face risks of lateral movement or privilege escalation if attackers leverage this flaw. Although the impact on availability is low, the breach of sensitive configuration data could undermine trust and compliance with data protection regulations such as GDPR. The lack of vendor response and patches increases the window of exposure. Industries with critical cloud deployments, such as finance, healthcare, and manufacturing, could be particularly affected. The medium severity rating suggests moderate risk, but the potential for escalation or chaining with other vulnerabilities could increase the overall threat level.
Mitigation Recommendations
Immediate mitigation steps include restricting network access to the oci-helper service to trusted administrators only, implementing strict file system permissions to limit the scope of accessible files, and monitoring logs for unusual file access patterns indicative of path traversal attempts. Organizations should conduct thorough audits of systems running vulnerable versions and isolate them if possible. Employing application-layer firewalls or intrusion detection systems with custom rules to detect path traversal payloads can help detect exploitation attempts. Until official patches are released, consider deploying compensating controls such as containerization or sandboxing of the oci-helper process to limit potential damage. Regularly check for vendor updates or community patches and apply them promptly. Additionally, educating system administrators about the risks and signs of exploitation can improve early detection and response.
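One way to build the custom path traversal rule recommended above, as an added example that is not code from oci-helper or from this advisory: it inspects the file names declared in a multipart upload request and reports those that could escape the upload directory. It assumes the traversal is carried in the uploaded file's name; the form field name "file", the boundary and the sample file names are constructed.

```python
from __future__ import annotations
import email
import re
from urllib.parse import unquote

BOUNDARY = "----constructedBoundary"  # constructed sample value
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"

def sample_body(filename: str) -> bytes:
    """Constructed multipart upload; the field name "file" is an assumption."""
    return (f"--{BOUNDARY}\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n"
            "constructed-config-bytes\r\n"
            f"--{BOUNDARY}--\r\n").encode("ascii")

def upload_filenames(content_type: str, body: bytes) -> list[str]:
    """Return every filename= value declared by the parts of a multipart body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def traversal_reason(name: str) -> str | None:
    """Explain why an upload name could escape its directory, or return None."""
    decoded = name
    for _ in range(2):                      # undo single and double percent-encoding
        decoded = unquote(decoded)
    if "\x00" in decoded:
        return "NUL byte"
    norm = decoded.replace("\\", "/")       # treat Windows separators like POSIX ones
    if norm.startswith("/") or re.match(r"[A-Za-z]:", norm):
        return "absolute path"
    if ".." in norm.split("/"):
        return "parent-directory segment"
    if "/" in norm:
        return "directory separator"        # clients normally send a bare file name
    return None

def scan_upload(content_type: str, body: bytes) -> list[tuple[str, str]]:
    """List (filename, reason) for each suspicious part in one upload request."""
    hits = []
    for name in upload_filenames(content_type, body):
        reason = traversal_reason(name)
        if reason:
            hits.append((name, reason))
    return hits

if __name__ == "__main__":
    for fn in ("oci_api_key.pem", "../../tmp/x.pem", "%2e%2e%2fkeys.pem"):
        print(fn, "->", scan_upload(CONTENT_TYPE, sample_body(fn)) or "ok")
```

The same checks can run in a reverse proxy or log pipeline that sees request bodies; a name such as my..config.pem is not flagged because ".." is only matched as a whole path segment.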
Affected Countries
Germany, France, Netherlands, United Kingdom, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-02T09:35:26.829Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692f01f216d939a309b5f1ea
Added to database: 12/2/2025, 3:12:50 PM
Last enriched: 12/2/2025, 3:13:25 PM
Last updated: 12/2/2025, 4:24:43 PM