
CVE-2025-5029: Path Traversal in Kingdee Cloud Galaxy Private Cloud BBC System

Medium
Tags: Vulnerability, CVE-2025-5029
Published: Wed May 21 2025 (05/21/2025, 14:31:09 UTC)
Source: CVE
Vendor/Project: Kingdee
Product: Cloud Galaxy Private Cloud BBC System

Description

A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 15:25:50 UTC

Technical Analysis

CVE-2025-5029 is a path traversal vulnerability in the Kingdee Cloud Galaxy Private Cloud BBC System, affecting versions up to 9.0 Patch April 2025. The vulnerability resides in the File Handler component, in the function BaseServiceFactory.getFileUploadService.deleteFileAction located in the file fileUpload/deleteFileAction.jhtml. The issue arises from improper validation or sanitization of the 'filePath' argument, which an attacker can manipulate to traverse directories outside the intended file system scope and so potentially delete or access arbitrary files on the server hosting the application. The vulnerability can be exploited remotely without user interaction and with only low privileges (PR:L). The disclosed CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N) indicates a network attack vector, low attack complexity, no user interaction, no confidentiality impact, and limited impact on integrity and availability. Although no known exploits are currently active in the wild, the exploit has been publicly disclosed, which increases the risk of exploitation. The medium severity rating reflects the moderate impact and ease of exploitation: only low privileges are required, and the integrity and availability impact is limited to file deletion or unauthorized file access. Organizations using Kingdee Cloud Galaxy Private Cloud BBC System should prioritize patching this vulnerability as soon as a fix is available to prevent unauthorized file system access and potential service disruption.

Potential Impact

For European organizations utilizing Kingdee Cloud Galaxy Private Cloud BBC System, this vulnerability poses a risk of unauthorized file deletion or access, which could lead to disruption of cloud services, data loss, or exposure of sensitive information. Given that the vulnerability allows remote exploitation without user interaction, attackers could automate attacks to compromise systems. The impact on confidentiality is limited but non-negligible, as path traversal could expose configuration files or other sensitive data. Integrity and availability impacts are more pronounced due to the ability to delete files, potentially causing service outages or data integrity issues. Organizations in sectors relying heavily on cloud infrastructure, such as finance, manufacturing, and public services, could face operational disruptions and compliance risks, especially under stringent European data protection regulations like GDPR. The medium severity suggests that while the threat is significant, it may not lead to full system compromise but still requires timely remediation to avoid escalation or chained attacks.

Mitigation Recommendations

1. Apply official patches from Kingdee as soon as they become available to address the vulnerability directly.
2. Implement strict input validation and sanitization on all file path parameters to prevent traversal sequences (e.g., '..', '%2e%2e') from being processed.
3. Employ web application firewalls (WAFs) with rules specifically designed to detect and block path traversal attempts targeting the affected endpoints.
4. Restrict file system permissions for the application process to the minimum necessary, ensuring it cannot access or delete files outside designated directories.
5. Monitor logs for unusual file deletion or access patterns, especially requests to the deleteFileAction endpoint with suspicious filePath parameters.
6. Conduct regular security assessments and penetration testing focusing on file handling functionalities to detect similar vulnerabilities proactively.
7. Segment network access to the Kingdee Cloud Galaxy Private Cloud BBC System, limiting exposure to trusted networks and reducing the attack surface.
8. Educate system administrators and security teams about this vulnerability to ensure rapid detection and response to any exploitation attempts.
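As an added illustration of recommendations 2 and 5 (example code written for this page, not Kingdee's code and not from the advisory): a containment check that canonicalizes a user-supplied filePath against an assumed upload root, and a scanner that applies the same check to constructed access-log lines for the deleteFileAction endpoint. The upload directory, the log format and the sample lines are assumptions.

```python
import os
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

UPLOAD_ROOT = "/srv/bbc/uploads"  # assumed upload directory; the advisory does not name the real one
DELETE_ENDPOINT = "/fileUpload/deleteFileAction.jhtml"  # endpoint named in the advisory

def normalize_user_path(raw: str, rounds: int = 3) -> str:
    """Decode repeatedly so %2e%2e and %252e%252e are unmasked; fold backslashes to '/'."""
    value = raw
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def resolve_within_root(root: str, user_path: str) -> Optional[str]:
    """Canonical target path if it stays strictly inside root, else None.
    The user value is treated as relative to root, so absolute paths are confined too."""
    root_abs = os.path.realpath(root)
    relative = normalize_user_path(user_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(root_abs, relative))
    if candidate == root_abs or os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate

def suspicious_delete_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Flag deleteFileAction requests whose filePath would escape the upload root.
    Log format is constructed for this example: METHOD URL STATUS."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        method, url = parts[0], urlsplit(parts[1])
        if not url.path.endswith(DELETE_ENDPOINT):
            continue
        for file_path in parse_qs(url.query).get("filePath", []):  # parse_qs decodes once
            if resolve_within_root(UPLOAD_ROOT, file_path) is None:
                hits.append((method, file_path))
    return hits

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    "POST /bbc/fileUpload/deleteFileAction.jhtml?filePath=reports/2025/q1.pdf 200",
    "POST /bbc/fileUpload/deleteFileAction.jhtml?filePath=..%2F..%2Fconf%2Fapp.properties 200",
    "POST /bbc/fileUpload/deleteFileAction.jhtml?filePath=%252e%252e%252fconf%252fdb.properties 500",
    "GET /bbc/index.jhtml 200",
]
```

The double-encoded third line is only caught because the check decodes again after the query parser's single decode; a WAF rule that matches the literal string `..` would miss it.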


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-05-21T10:04:46.963Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682de546c4522896dcbfff82

Added to database: 5/21/2025, 2:37:58 PM

Last enriched: 7/7/2025, 3:25:50 PM

Last updated: 8/12/2025, 4:50:59 AM
