CVE-2025-52805: CWE-35 Path Traversal in VaultDweller Leyka
Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9.
AI Analysis
Technical Summary
CVE-2025-52805 is a high-severity security vulnerability classified under CWE-35 (Path Traversal) affecting VaultDweller's Leyka product up to version 3.31.9. The vulnerability allows an attacker to perform a PHP Local File Inclusion (LFI) attack via path traversal techniques. Path traversal vulnerabilities occur when user-supplied input is not properly sanitized, enabling attackers to manipulate file paths and access files outside the intended directory scope. In this case, the flaw allows remote attackers to include and execute arbitrary PHP files on the server by crafting malicious requests that traverse directories. The CVSS 3.1 base score is 7.5, indicating a high impact with network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), and requiring user interaction (UI:R). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means successful exploitation can lead to full system compromise, including disclosure of sensitive data, modification of files, and potential denial of service. No patches or exploits in the wild are currently reported, but the vulnerability is publicly disclosed as of July 4, 2025. The lack of available patches increases the urgency for mitigation. The vulnerability affects all versions of Leyka up to 3.31.9, with no specific version range provided beyond that. Given the nature of PHP LFI, attackers may chain this vulnerability with other exploits to escalate privileges or move laterally within networks.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those using Leyka in their web infrastructure or internal applications. The ability to include arbitrary PHP files remotely can lead to data breaches involving personal data protected under GDPR, resulting in regulatory penalties and reputational damage. Critical systems relying on Leyka could be compromised, affecting business continuity and service availability. The high impact on confidentiality, integrity, and availability means attackers could exfiltrate sensitive information, alter application behavior, or cause denial of service. Given the high attack complexity and requirement for user interaction, targeted phishing or social engineering campaigns may be used to exploit this vulnerability. Organizations in sectors such as finance, healthcare, and government, which often use PHP-based web applications and handle sensitive data, are particularly at risk. The absence of known exploits in the wild provides a window for proactive defense, but the public disclosure increases the likelihood of future exploitation attempts.
Mitigation Recommendations
European organizations should immediately conduct an inventory to identify any deployments of VaultDweller Leyka, particularly versions up to 3.31.9. Until a patch is available, implement strict input validation and sanitization on all user inputs that interact with file paths to prevent path traversal. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal patterns and PHP file inclusion attempts. Restrict file system permissions for the web server user to the minimum necessary, preventing access to sensitive directories and files. Monitor logs for unusual file access patterns or errors indicative of LFI attempts. Educate users about the risks of interacting with suspicious links or attachments to reduce the likelihood of user interaction-based exploitation. Plan for rapid deployment of official patches once released by VaultDweller. Additionally, consider isolating Leyka instances in segmented network zones to limit lateral movement if compromised.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
CVE-2025-52805: CWE-35 Path Traversal in VaultDweller Leyka
Description
Path Traversal vulnerability in VaultDweller Leyka allows PHP Local File Inclusion. This issue affects Leyka: from n/a through 3.31.9.
AI-Powered Analysis
Technical Analysis
CVE-2025-52805 is a high-severity security vulnerability classified under CWE-35 (Path Traversal) affecting VaultDweller's Leyka product up to version 3.31.9. The vulnerability allows an attacker to perform a PHP Local File Inclusion (LFI) attack via path traversal techniques. Path traversal vulnerabilities occur when user-supplied input is not properly sanitized, enabling attackers to manipulate file paths and access files outside the intended directory scope. In this case, the flaw allows remote attackers to include and execute arbitrary PHP files on the server by crafting malicious requests that traverse directories. The CVSS 3.1 base score is 7.5, indicating a high impact with network attack vector (AV:N), high attack complexity (AC:H), no privileges required (PR:N), and requiring user interaction (UI:R). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means successful exploitation can lead to full system compromise, including disclosure of sensitive data, modification of files, and potential denial of service. No patches or exploits in the wild are currently reported, but the vulnerability is publicly disclosed as of July 4, 2025. The lack of available patches increases the urgency for mitigation. The vulnerability affects all versions of Leyka up to 3.31.9, with no specific version range provided beyond that. Given the nature of PHP LFI, attackers may chain this vulnerability with other exploits to escalate privileges or move laterally within networks.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those using Leyka in their web infrastructure or internal applications. The ability to include arbitrary PHP files remotely can lead to data breaches involving personal data protected under GDPR, resulting in regulatory penalties and reputational damage. Critical systems relying on Leyka could be compromised, affecting business continuity and service availability. The high impact on confidentiality, integrity, and availability means attackers could exfiltrate sensitive information, alter application behavior, or cause denial of service. Given the high attack complexity and requirement for user interaction, targeted phishing or social engineering campaigns may be used to exploit this vulnerability. Organizations in sectors such as finance, healthcare, and government, which often use PHP-based web applications and handle sensitive data, are particularly at risk. The absence of known exploits in the wild provides a window for proactive defense, but the public disclosure increases the likelihood of future exploitation attempts.
Mitigation Recommendations
European organizations should immediately conduct an inventory to identify any deployments of VaultDweller Leyka, particularly versions up to 3.31.9. Until a patch is available, implement strict input validation and sanitization on all user inputs that interact with file paths to prevent path traversal. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal patterns and PHP file inclusion attempts. Restrict file system permissions for the web server user to the minimum necessary, preventing access to sensitive directories and files. Monitor logs for unusual file access patterns or errors indicative of LFI attempts. Educate users about the risks of interacting with suspicious links or attachments to reduce the likelihood of user interaction-based exploitation. Plan for rapid deployment of official patches once released by VaultDweller. Additionally, consider isolating Leyka instances in segmented network zones to limit lateral movement if compromised.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-06-19T10:03:28.882Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6867b9f16f40f0eb72a04a04
Added to database: 7/4/2025, 11:24:33 AM
Last enriched: 7/4/2025, 11:41:12 AM
Last updated: 7/7/2025, 4:39:23 PM
Views: 6
Related Threats
CVE-2025-6514: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CriticalCVE-2025-3499: CWE-78: Improper Neutralization of Special Elements used in an OS Command (’OS Command Injection’) in Radiflow iSAP Smart Collector
CriticalCVE-2025-3498: CWE-306: Missing Authentication for Critical Function in Radiflow iSAP Smart Collector
CriticalCVE-2025-27028: CWE-266: Incorrect Privilege Assignment in Radiflow iSAP Smart Collector
MediumCVE-2025-27027: CWE-653 Improper Isolation or Compartmentalization in Radiflow iSAP Smart Collector
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.