CVE-2025-66945: n/a
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution.
AI Analysis
Technical Summary
CVE-2025-66945 is a path traversal vulnerability identified in the ZIP extraction API of Zdir Pro version 4.x. The vulnerability arises when the backend endpoint /api/extract processes a maliciously crafted ZIP archive containing member names designed to traverse directories (e.g., using ../ sequences). Because the file paths inside the archive are not sufficiently validated or sanitized, the extraction process writes files outside the intended extraction directory. This arbitrary file overwrite capability can be leveraged by an attacker to replace critical system or application files, potentially leading to remote code execution if executable files or scripts are overwritten or planted. The vulnerability does not require authentication, meaning any user able to submit ZIP files to the API can exploit it. Although no CVSS score has been assigned yet and no known exploits are reported, the nature of the vulnerability and its potential for remote code execution make it a significant risk. The lack of patch links suggests that a fix may not yet be publicly available, increasing the urgency for organizations to implement mitigations. The vulnerability affects Zdir Pro 4.x, a product used for file management and web-based directory browsing, which is often deployed in enterprise environments and web hosting services. Attackers exploiting this flaw could gain persistent access or disrupt services by overwriting configuration files, planting web shells, or tampering with other critical resources.
Potential Impact
The impact of CVE-2025-66945 is potentially severe for organizations using Zdir Pro 4.x. Successful exploitation can lead to arbitrary file overwrite, which may compromise system integrity by replacing or injecting malicious files. This can escalate to remote code execution, allowing attackers to execute arbitrary commands with the privileges of the vulnerable application or underlying system user. Such control can lead to data breaches, service disruption, lateral movement within networks, and persistent backdoors. The vulnerability threatens confidentiality, integrity, and availability of affected systems. Organizations relying on Zdir Pro for file management or web services face risks of defacement, data loss, or full system compromise. The absence of known exploits currently limits immediate widespread impact, but the vulnerability’s characteristics make it a prime target once exploit code becomes available. Enterprises with internet-facing deployments are particularly at risk, as attackers can remotely deliver crafted ZIP files without authentication. The lack of a patch increases exposure duration, amplifying potential damage.
Mitigation Recommendations
To mitigate CVE-2025-66945, organizations should immediately restrict access to the /api/extract endpoint to trusted users or internal networks only, using network segmentation and firewall rules. Implement strict input validation and sanitization on ZIP file paths to prevent directory traversal sequences before extraction. If possible, disable ZIP extraction functionality temporarily until a vendor patch is released. Monitor logs for unusual file extraction activities or unexpected file modifications outside designated directories. Employ application-layer firewalls or web application firewalls (WAFs) with custom rules to detect and block malicious ZIP uploads containing traversal patterns. Regularly back up critical files and configurations to enable recovery from potential overwrites. Engage with the vendor for timely patches or updates and apply them promptly once available. Additionally, conduct security assessments and penetration tests focusing on file upload and extraction features to detect similar vulnerabilities. Educate developers and administrators on secure file handling practices to prevent recurrence.
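The path check that the mitigation paragraph above calls for, and the traversal mechanism the technical summary describes, shown as an added example (not Zdir Pro's code): every archive member is resolved against the extraction root and written only if it stays beneath it. The archive contents, the function names and the extraction root are constructed for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

def resolves_inside(root: Path, member: str) -> bool:
    """True only if root/member, after normalisation, stays under root.
    Rejects '../' sequences, absolute paths and Windows drive/backslash forms."""
    name = member.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False
    target = (root / name).resolve()
    return target == root or root in target.parents

def safe_extract(zip_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract only members that stay under dest; return (written, rejected).
    The rejected list is what an extraction log or WAF rule should alert on."""
    root = Path(dest).resolve()
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not resolves_inside(root, info.filename):
                rejected.append(info.filename)
                continue
            target = (root / info.filename.replace("\\", "/")).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written, rejected

def build_sample_zip() -> bytes:
    """Constructed archive: one benign member and two members that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        zf.writestr("../../etc/overwritten.conf", "would land outside dest\n")
        zf.writestr("/abs/path.txt", "absolute path\n")
    return buf.getvalue()

def demo() -> tuple[list[str], list[str]]:
    """Run the extractor on the sample archive inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return safe_extract(build_sample_zip(), tmp)
```

Only the benign member is written; the two escaping names are returned as rejected, which is the signal to log and alert on rather than silently drop.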
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, China, India, Australia, Canada
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69a72971d1a09e29cb6b58cd
Added to database: 3/3/2026, 6:33:21 PM
Last enriched: 3/3/2026, 6:50:44 PM
Last updated: 3/4/2026, 7:29:38 AM
Views: 10