CVE-2025-5328: Path Traversal in chshcms mccms

Severity: Medium
Tags: Vulnerability, CVE-2025-5328, cve, cve-2025-5328
Published: Thu May 29 2025 (05/29/2025, 21:00:06 UTC)
Source: CVE Database V5
Vendor/Project: chshcms
Product: mccms

Description

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 07/07/2025, 21:41:25 UTC

Technical Analysis

CVE-2025-5328 is a path traversal vulnerability identified in version 2.7 of the chshcms mccms content management system. The vulnerability resides in the restore_del function within the /sys/apps/controllers/admin/Backups.php file. Specifically, the issue arises from improper validation of the 'dirs' argument, which an attacker can manipulate to traverse directories outside the intended scope. This flaw allows an unauthenticated remote attacker with low privileges to access or delete arbitrary files on the server by crafting malicious requests that exploit the path traversal. The vulnerability does not require user interaction and can be triggered remotely over the network. Although the vendor was notified early, no response or patch has been provided, and public exploit code has been disclosed, increasing the risk of exploitation. The CVSS v4.0 base score is 5.3, indicating a medium severity level, reflecting the limited impact on confidentiality and integrity but a notable impact on availability due to potential deletion of files. The vulnerability does not require authentication but does require low privileges, which suggests that some form of limited access or user account may be necessary to exploit the flaw. The absence of scope change and user interaction requirements further characterizes the attack vector as network-based and straightforward once the attacker has the necessary privileges.

Potential Impact

For European organizations using chshcms mccms version 2.7, this vulnerability poses a moderate risk. Successful exploitation could lead to unauthorized deletion or modification of critical backup files or other sensitive data, potentially causing service disruptions or data loss. This could impact business continuity, especially for organizations relying on mccms for content management and backup restoration. Confidentiality impact is limited since the vulnerability primarily allows deletion or manipulation of files rather than direct data disclosure. However, integrity and availability impacts are more pronounced, as attackers could delete backups or system files, leading to downtime or complicated recovery efforts. Given that the exploit requires low privileges, insider threats or compromised low-level accounts could be leveraged to launch attacks. The lack of vendor response and patches increases the window of exposure, making timely mitigation critical. European organizations in sectors with strict data protection regulations (e.g., GDPR) must consider the potential compliance implications of data loss or service interruptions caused by exploitation.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the affected restore_del function by implementing strict access controls and monitoring usage logs for suspicious activity.
2. Employ web application firewalls (WAFs) with custom rules to detect and block path traversal patterns targeting the 'dirs' parameter.
3. If possible, disable or restrict backup restoration features until a patch or vendor fix is available.
4. Conduct thorough audits of user privileges to ensure that only trusted users have low-level access that could be exploited.
5. Implement network segmentation to isolate systems running chshcms mccms from untrusted networks and limit exposure.
6. Regularly back up critical data and store backups offline or in immutable storage to mitigate the impact of potential deletion attacks.
7. Monitor public vulnerability feeds and vendor communications closely for any forthcoming patches or updates.
8. Consider deploying intrusion detection systems (IDS) tuned to detect exploitation attempts against this vulnerability.
9. If source code access is available, apply temporary code-level mitigations such as input validation and sanitization on the 'dirs' parameter to prevent directory traversal sequences (e.g., ../).
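One way to implement the code-level mitigation in item 9, shown as an added example; it is not mccms code or a vendor fix. The helper name `resolve_backup_dir`, the `BACKUP_ROOT` path and the allowed name pattern are assumptions to adapt to the installation. It combines an allow-list on the 'dirs' value with a containment check after canonicalization, so symlinks that point outside the backup directory are rejected as well.

```php
<?php
// Added example: hypothetical helper, not part of mccms.
// BACKUP_ROOT is an assumed location; set it to the directory the
// installation really stores its backups in.
const BACKUP_ROOT = '/var/www/mccms/backups';

/**
 * Map a request-supplied 'dirs' value to a canonical directory inside $root.
 * Returns the resolved path, or null when the value must be rejected.
 */
function resolve_backup_dir($dirs, string $root = BACKUP_ROOT): ?string
{
    // Request parameters can arrive as arrays (dirs[]=...); accept strings only.
    if (!is_string($dirs)) {
        return null;
    }
    // Allow-list (assumed naming scheme): one path segment, no dots,
    // no separators. This alone rules out "../" and absolute paths.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $dirs) !== 1) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // Canonicalize, then confirm the result is still below the root.
    // realpath() follows symlinks, so a link that leaves the root fails here.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $dirs);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo: a throwaway root with one valid backup directory.
$root = sys_get_temp_dir() . '/backup_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/20250529_full', 0700, true);
foreach (['20250529_full', '../', 'a/b', 'missing', ['x']] as $input) {
    $result = resolve_backup_dir($input, $root);
    printf("%-18s => %s\n", json_encode($input), $result === null ? 'rejected' : 'accepted');
}
rmdir($root . '/20250529_full');
rmdir($root);
```

Only the first constructed input is accepted; any delete or restore routine should operate on the returned canonical path, never on the raw request value.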

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-05-29T08:39:17.475Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6838ce1b182aa0cae28f06cf

Added to database: 5/29/2025, 9:14:03 PM

Last enriched: 7/7/2025, 9:41:25 PM

Last updated: 8/12/2025, 3:24:06 AM
