CVE-2025-7108: Path Traversal in risesoft-y9 Digital-Infrastructure
A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/src/main/java/net/risesoft/y9public/controller/Y9FileController.java. The manipulation of the argument fullPath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-7108 is a path traversal vulnerability identified in the risesoft-y9 Digital-Infrastructure product versions 9.6.0 through 9.6.7. The flaw exists in the deleteFile function located in the Y9FileController.java source file within the y9-module-filemanager component. Specifically, the vulnerability arises from improper validation or sanitization of the 'fullPath' argument, which an attacker can manipulate to traverse directories outside the intended file system scope. This can allow an attacker to delete arbitrary files on the server remotely without authentication or user interaction. The vulnerability is remotely exploitable over the network, with no privileges or user interaction required, increasing its risk profile. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the moderate impact on confidentiality, integrity, and availability, with low attack complexity but requiring some privileges (PR:L). The vendor was notified but has not responded or released a patch, and no known exploits have been observed in the wild yet. The public disclosure of the exploit code increases the risk of exploitation by threat actors. The vulnerability affects a critical file management function, potentially allowing attackers to delete important files, which could disrupt services, cause data loss, or facilitate further compromise if system or application files are targeted.
Potential Impact
For European organizations using risesoft-y9 Digital-Infrastructure versions 9.6.0 to 9.6.7, this vulnerability poses a tangible risk of unauthorized file deletion, potentially leading to service disruption, data loss, and operational downtime. Given that the vulnerability can be exploited remotely without user interaction, attackers could leverage this flaw to target critical infrastructure components managed by the affected software. This is particularly concerning for sectors such as government, finance, healthcare, and utilities, where data integrity and availability are paramount. The lack of vendor response and patches increases the window of exposure. Organizations relying on this product for digital infrastructure management may face compliance risks under European data protection regulations if data loss or service interruptions occur. Additionally, attackers could use this vulnerability as a foothold to escalate attacks within the network or disrupt business continuity.
Mitigation Recommendations
1. Immediate mitigation should include restricting network access to the affected Digital-Infrastructure management interfaces using firewalls or network segmentation to limit exposure to trusted administrators only.
2. Implement strict input validation and sanitization at the application layer if possible, or deploy Web Application Firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting the 'fullPath' parameter.
3. Monitor logs for suspicious deleteFile function calls or unusual file deletion activity to detect potential exploitation attempts early.
4. If feasible, temporarily disable or restrict the deleteFile functionality until a vendor patch or official fix is available.
5. Engage with the vendor or community to obtain any unofficial patches or workarounds.
6. Conduct a thorough audit of file permissions and backups to ensure rapid recovery in case of file deletion.
7. Prepare incident response plans specifically addressing potential exploitation of this vulnerability.
8. Consider deploying endpoint detection and response (EDR) tools to identify anomalous behavior related to file deletions on servers running the affected software.
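The following is an added example of the application-layer containment check that recommendation 2 calls for. It is not code from the risesoft-y9 project and does not reproduce the vulnerable deleteFile handler; the class name, the base directory, and the method and parameter names are assumptions. The idea it demonstrates is the standard one: resolve the caller-supplied path against a fixed base, normalize it, and refuse anything whose canonical form does not remain under that base, including symlinks that point outside it.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example (not code from the risesoft-y9 project): confining a
 * caller-supplied path to a configured base directory before deleting it.
 * The base directory and all names below are assumptions for illustration.
 */
public final class SafeFileDelete {

    // Assumed upload root; a real application would read this from configuration.
    private final Path baseDir;

    public SafeFileDelete(Path baseDir) throws IOException {
        // toRealPath() resolves symlinks so the base itself is canonical.
        this.baseDir = baseDir.toRealPath();
    }

    /**
     * Resolve a caller-supplied relative path against the base directory and
     * verify the result still lies inside it. Returns the contained path or
     * throws SecurityException if the input escapes the base.
     */
    public Path resolveInside(String userSupplied) throws IOException {
        if (userSupplied == null || userSupplied.isEmpty()) {
            throw new IllegalArgumentException("empty path");
        }
        // Absolute inputs bypass the base entirely, so reject them outright.
        Path requested = Paths.get(userSupplied);
        if (requested.isAbsolute()) {
            throw new SecurityException("absolute paths are not accepted: " + userSupplied);
        }
        // normalize() collapses "." and ".." lexically, so "a/../../etc/passwd"
        // is caught by the startsWith check even when the target does not exist.
        Path candidate = baseDir.resolve(requested).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes base directory: " + userSupplied);
        }
        // If the target exists, canonicalize it too: a symlink inside the base
        // that points outside must not be usable to delete a file elsewhere.
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(baseDir)) {
                throw new SecurityException("symlink escapes base directory: " + userSupplied);
            }
        }
        return candidate;
    }

    /** Delete only after the containment check passes; returns false if nothing was deleted. */
    public boolean deleteFile(String userSupplied) throws IOException {
        Path target = resolveInside(userSupplied);
        // Never delete the base directory itself.
        if (target.equals(baseDir)) {
            throw new SecurityException("refusing to delete base directory");
        }
        return Files.deleteIfExists(target);
    }

    // Constructed demonstration: one legitimate deletion and one traversal attempt.
    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("uploads");
        Files.createFile(base.resolve("report.txt"));
        SafeFileDelete d = new SafeFileDelete(base);
        System.out.println("deleted report.txt: " + d.deleteFile("report.txt"));
        try {
            d.deleteFile("../../../etc/passwd");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Two design points matter here. The lexical normalize-and-startsWith check happens before any filesystem access, so it rejects traversal strings whether or not the target exists and gives a clean signal to log for recommendation 3 (the SecurityException message names the offending input). The second, toRealPath-based check is the one that string filtering of "../" sequences cannot replace, because it catches escapes that only exist on disk, such as a symlink planted inside the upload root.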
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-07-05T19:31:20.735Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 686c02c66f40f0eb72eb30da
Added to database: 7/7/2025, 5:24:22 PM
Last enriched: 7/7/2025, 5:39:29 PM
Last updated: 7/15/2025, 11:50:30 AM