CVE-2025-66945 is a path traversal vulnerability identified in the ZIP extraction API of Zdir Pro version 4.x. The vulnerability arises because the API does not properly sanitize or validate file paths within ZIP archives submitted to the /api/extract backend endpoint. An attacker can craft a ZIP archive containing file paths with directory traversal sequences (e.g., ../) that cause the extraction process to write files outside the intended directory. This arbitrary file overwrite capability can be leveraged to replace critical system or application files, potentially leading to remote code execution if executable files or scripts are overwritten or planted. The vulnerability requires no authentication and no user interaction, making it remotely exploitable over the network. The CVSS v3.1 base score of 9.1 reflects the vulnerability's high impact on confidentiality and integrity, with network attack vector, low attack complexity, and no privileges or user interaction required. The CWE classification is CWE-787 (Out-of-bounds Write), consistent with path traversal leading to unauthorized file writes. Although no public exploits are currently known, the severity and ease of exploitation make this a critical threat for any organization using Zdir Pro 4.x. The lack of available patches at the time of publication increases the urgency for mitigation.

The impact of CVE-2025-66945 is significant for organizations using Zdir Pro 4.x, especially those exposing the /api/extract endpoint to untrusted networks. Successful exploitation allows attackers to overwrite arbitrary files on the server, potentially compromising system integrity and confidentiality. This can lead to remote code execution, enabling attackers to execute arbitrary commands, deploy malware, or establish persistent access. The vulnerability can disrupt business operations, lead to data breaches, and cause reputational damage. Since no authentication or user interaction is required, the attack surface is broad, increasing the likelihood of exploitation. Organizations in sectors relying on Zdir Pro for file management or web services are particularly at risk. The absence of known exploits currently provides a window for proactive defense, but the critical severity demands immediate attention.

To mitigate CVE-2025-66945, organizations should first verify if they are running Zdir Pro version 4.x and assess exposure of the /api/extract endpoint. Until an official patch is released, implement the following specific measures: 1) Restrict network access to the extraction API by applying firewall rules or network segmentation to limit access to trusted users and systems only. 2) Employ web application firewalls (WAFs) with custom rules to detect and block ZIP archives containing directory traversal patterns such as '../'. 3) Implement input validation and sanitization on the server side to reject ZIP files with suspicious file paths before extraction. 4) Monitor file system changes in directories used by Zdir Pro for unusual or unauthorized modifications. 5) Consider disabling or temporarily disabling the ZIP extraction API if it is not essential for operations. 6) Prepare for rapid patch deployment once an official fix becomes available from the vendor. 7) Conduct regular security audits and penetration testing focusing on file upload and extraction functionalities. These targeted mitigations go beyond generic advice by focusing on network controls, input validation, and monitoring specific to the vulnerable API.