
CVE-2025-7628: Path Traversal in YiJiuSmile kkFileViewOfficeEdit

Medium
Published: Mon Jul 14 2025 (07/14/2025, 18:02:05 UTC)
Source: CVE Database V5
Vendor/Project: YiJiuSmile
Product: kkFileViewOfficeEdit

Description

A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /deleteFile. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.

AI-Powered Analysis

Last updated: 07/14/2025, 18:31:09 UTC

Technical Analysis

CVE-2025-7628 is a path traversal vulnerability identified in the YiJiuSmile kkFileViewOfficeEdit product, specifically affecting the deleteFile function accessible via the /deleteFile endpoint. The vulnerability arises from improper validation or sanitization of the fileName parameter, which an attacker can manipulate to traverse directories and potentially delete arbitrary files on the server. This flaw allows remote attackers to craft requests that specify file paths outside the intended directory scope, leading to unauthorized file deletions. The vulnerability is classified as medium severity with a CVSS 4.0 base score of 5.3, reflecting its network attack vector, low attack complexity, no user interaction, and limited impact on confidentiality, integrity, and availability. The vulnerability does not require authentication but does require low privileges (PR:L), indicating that some level of access is needed to exploit it. The product uses a rolling release model, so specific patched versions are not clearly identified, complicating mitigation efforts. Although no known exploits are currently reported in the wild, public disclosure increases the risk of exploitation. The vulnerability impacts the integrity and availability of the affected system by enabling unauthorized deletion of files, which could disrupt service or lead to data loss. The lack of scope change means the impact is confined to the affected component without broader system compromise. The vulnerability's exploitation requires sending crafted requests remotely, making it a significant risk for exposed deployments of kkFileViewOfficeEdit.
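The root cause described above is a file name that is joined onto a base directory without checking where the result actually lands. The following Python example is added here for illustration and is not code from kkFileViewOfficeEdit (which is a Java project) or from the advisory; the upload directory layout, function names and sample file names are assumptions. It shows the naive join that a traversal bug relies on next to a hardened variant that canonicalises the path and refuses anything that resolves outside the base directory, then exercises the hardened handler against a constructed directory tree.

```python
"""Path-confined file deletion: hardened form of the pattern behind CVE-2025-7628.

Added illustration, not kkFileViewOfficeEdit's own code. The directory layout,
handler names and sample file names below are assumptions for the demo.
"""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a user-supplied name would resolve outside the base directory."""


def delete_file_naive(base_dir: str, file_name: str) -> None:
    """The vulnerable shape: join and delete with no containment check.

    os.path.join discards base_dir when file_name is absolute, and '..'
    segments walk out of base_dir. Shown for contrast; the demo never calls it.
    """
    os.remove(os.path.join(base_dir, file_name))


def resolve_confined(base_dir: str, file_name: str) -> Path:
    """Resolve file_name against base_dir and prove the result stays inside it.

    The comparison is made on canonical paths ('..' and symlinks collapsed),
    which is exactly what the naive string join skips.
    """
    base = Path(base_dir).resolve()
    # Empty and absolute names are rejected up front; an absolute name would
    # otherwise replace base_dir entirely during the join.
    if not file_name or os.path.isabs(file_name):
        raise PathTraversalError(f"rejected file name: {file_name!r}")
    target = (base / file_name).resolve()
    # commonpath is the portable containment test (works before Python 3.9,
    # where Path.is_relative_to is not available).
    if os.path.commonpath([str(base), str(target)]) != str(base):
        raise PathTraversalError(f"{file_name!r} escapes {base}")
    return target


def delete_file_hardened(base_dir: str, file_name: str) -> bool:
    """Delete file_name only if it lives inside base_dir. Returns True if removed."""
    target = resolve_confined(base_dir, file_name)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Run the hardened handler over a constructed tree and report each outcome."""
    outcome = {}
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root, "uploads")
        uploads.mkdir()
        Path(uploads, "report.docx").write_text("constructed sample document")
        # A sibling of the upload directory: a confined handler must never reach it.
        secret = Path(root, "secret.txt")
        secret.write_text("constructed sibling file")
        for name in ["report.docx", "../secret.txt", "sub/../../secret.txt",
                     "/etc/hostname", "missing.docx"]:
            try:
                outcome[name] = delete_file_hardened(str(uploads), name)
            except PathTraversalError:
                outcome[name] = "rejected"
        outcome["secret_survived"] = secret.exists()
    return outcome


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name!r:28} -> {result}")
```

The check must run on the resolved path rather than on the raw string: rejecting the literal substring `../` misses encoded variants and symlinks, whereas comparing canonical prefixes catches every way of leaving the directory.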

Potential Impact

For European organizations using YiJiuSmile kkFileViewOfficeEdit, this vulnerability poses a risk of unauthorized file deletions that could disrupt business operations, especially if critical documents or configuration files are deleted. The path traversal nature of the vulnerability could allow attackers to delete files outside the intended directory, potentially affecting system stability and data integrity. Organizations relying on kkFileViewOfficeEdit for document management or office file editing may face operational downtime or data loss, impacting productivity and potentially leading to compliance issues under regulations like GDPR if data availability or integrity is compromised. Since the vulnerability can be exploited remotely without user interaction, exposed internet-facing instances are particularly at risk. The medium severity rating suggests that while the vulnerability is serious, it may not lead to full system compromise or data exfiltration, but the potential for service disruption and data loss remains significant. European organizations should assess their exposure, especially those in sectors with high reliance on document management systems such as finance, legal, and public administration.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the /deleteFile endpoint through network controls such as firewalls or VPNs to limit exposure to trusted users only.
2. Implement strict input validation and sanitization on the fileName parameter to prevent directory traversal sequences (e.g., ../) from being processed.
3. Employ application-layer access controls to ensure that users can only delete files within their authorized directories.
4. Monitor logs for suspicious deleteFile requests that include unusual path patterns or attempts to access parent directories.
5. If possible, deploy web application firewalls (WAFs) with rules targeting path traversal attack signatures to block malicious requests.
6. Coordinate with YiJiuSmile for updates or patches, and apply them promptly once available, even if versioning is unclear due to rolling releases.
7. Conduct a thorough audit of file permissions and backups to ensure rapid recovery in case of file deletion.
8. Educate system administrators about the vulnerability and encourage regular security reviews of deployed kkFileViewOfficeEdit instances.
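Recommendation 4 above asks for log monitoring of deleteFile requests. The Python below is an added example, not part of the advisory or of kkFileViewOfficeEdit, of what that monitoring can look like: it parses web server access log lines (combined log format is assumed), isolates requests to /deleteFile, pulls the raw fileName value from the query string, and flags values that contain parent-directory segments, absolute paths, null bytes or percent-encoded path characters, decoding repeatedly so that double-encoded sequences are not missed. The log lines, addresses and file names are constructed for the demo.

```python
"""Flag suspicious /deleteFile requests in access logs (mitigation item 4).

Added example, not advisory or kkFileViewOfficeEdit code. Log format (combined
log format), addresses, timestamps and file names below are constructed.
"""
import re
from urllib.parse import unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines: one benign request, three traversal attempts
# (single-encoded, double-encoded, backslash) and one unrelated endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jul/2025:18:02:05 +0000] "GET /deleteFile?fileName=report.docx HTTP/1.1" 200 17',
    '203.0.113.9 - - [14/Jul/2025:18:02:11 +0000] "GET /deleteFile?fileName=..%2F..%2Fconfig.yml HTTP/1.1" 200 17',
    '203.0.113.9 - - [14/Jul/2025:18:02:14 +0000] "GET /deleteFile?fileName=%252e%252e%252fconfig.yml HTTP/1.1" 200 17',
    '198.51.100.4 - - [14/Jul/2025:18:03:01 +0000] "GET /onlinePreview?url=report.docx HTTP/1.1" 200 2048',
    '203.0.113.9 - - [14/Jul/2025:18:03:20 +0000] "POST /deleteFile?fileName=sub%5C..%5Csecret.txt HTTP/1.1" 200 17',
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded sequences (%252e) are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_reasons(raw_name: str) -> list:
    """Return the indicators found in a raw fileName value (empty list if benign)."""
    reasons = []
    decoded = decode_fully(raw_name).replace("\\", "/")
    if ".." in decoded.split("/"):
        reasons.append("parent-directory segment")
    if decoded.startswith("/"):
        reasons.append("absolute path")
    if "\x00" in decoded:
        reasons.append("null byte")
    if "%" in raw_name and decoded != raw_name:
        reasons.append("percent-encoded path characters")
    return reasons


def query_values(query: str, key: str) -> list:
    """Extract raw (still encoded) values for key, so encoding itself is visible."""
    values = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name == key:
            values.append(value)
    return values


def scan_log(lines) -> list:
    """Return one finding per suspicious /deleteFile request, with line numbers."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production job would count these
        parts = urlsplit(m["target"])
        if parts.path != "/deleteFile":
            continue
        for raw_name in query_values(parts.query, "fileName"):
            reasons = traversal_reasons(raw_name)
            if reasons:
                findings.append({"line_no": line_no, "ip": m["ip"],
                                 "file_name": raw_name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line_no']}: {f['ip']} fileName={f['file_name']!r} -> {', '.join(f['reasons'])}")
```

Because the scanner keeps the raw query value instead of a pre-decoded one, it can report that encoding was used at all, which is itself a useful signal: legitimate clients rarely percent-encode dots and slashes in a document name.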


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-14T07:46:56.611Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68754984a83201eaacc8eaf6

Added to database: 7/14/2025, 6:16:36 PM

Last enriched: 7/14/2025, 6:31:09 PM

Last updated: 7/16/2025, 7:23:17 AM
