CVE-2025-45752 is a high-severity vulnerability identified in SeedDMS version 6.0.32, a document management system used for organizing and managing digital documents. The vulnerability arises from the zip import functionality within the Extension Manager component. Specifically, an attacker who already possesses administrative privileges can exploit this feature to execute arbitrary PHP code on the server hosting SeedDMS. This is classified under CWE-94, which relates to improper control of code generation, indicating that the system fails to properly validate or sanitize input before executing it as code. The vulnerability requires no user interaction beyond the attacker’s own actions and has a low attack complexity, meaning it is straightforward to exploit once admin access is obtained. The CVSS v3.1 score of 7.2 reflects a high severity, with impacts on confidentiality, integrity, and availability. Exploiting this flaw could allow an attacker to execute malicious code, potentially leading to full system compromise, data theft, or disruption of services. Although no public exploits have been reported yet, the presence of this vulnerability in a widely used document management platform poses a significant risk, especially in environments where administrative credentials might be compromised or shared.

For European organizations using SeedDMS 6.0.32, this vulnerability presents a critical risk. Given that administrative privileges are required, the threat is particularly relevant in scenarios where credential management is weak or insider threats exist. Successful exploitation could lead to unauthorized access to sensitive documents, alteration or deletion of critical data, and potential lateral movement within the network. This could disrupt business operations, violate data protection regulations such as GDPR, and result in reputational damage and financial penalties. Organizations in sectors with stringent compliance requirements, such as finance, healthcare, and government, are especially vulnerable. Furthermore, the ability to execute arbitrary PHP code could allow attackers to deploy persistent backdoors, escalate privileges, or pivot to other systems, amplifying the overall impact.

To mitigate this vulnerability, European organizations should: 1) Immediately upgrade SeedDMS to a patched version once available from the vendor or apply any official workarounds. 2) Restrict administrative access to trusted personnel and enforce strong authentication mechanisms, including multi-factor authentication (MFA). 3) Monitor and audit all administrative actions within SeedDMS, particularly those involving the Extension Manager and zip import functionality. 4) Implement network segmentation to limit the exposure of the SeedDMS server and reduce the blast radius of a potential compromise. 5) Conduct regular security assessments and penetration testing focused on privilege escalation and code injection vectors. 6) Employ web application firewalls (WAFs) with rules designed to detect and block suspicious PHP code execution attempts. 7) Educate administrators about the risks of this vulnerability and the importance of credential security. These steps go beyond generic advice by focusing on operational controls and monitoring specific to the vulnerability’s exploitation path.