(CVE-2025-65471) EasyImages Remote Code Execution Vulnerability

CVE ID

CVE-2025-65471

Vulnerable Version(PRODUCT)

icret/EasyImages2.0, 2.8.6 and before

PROBLEM TYPE

Remote

DESCRIPTION

An authenticated remote attacker (with ordinary user privileges) can upload and execute arbitrary PHP files.

Vulnerability Location

GitHub address: https://github.com/icret/EasyImages2.0

Target: http://xxx.com/admin/manager.php?p=

Environment Setup

Start the environment directly using the following command:

docker run -itd --name easyimage -p 8777:80 -e TZ=Asia/Shanghai -e PUID=1000 -e PGID=1000 -e DEBUG=false -v /root/data/docker_data/easyimage/config:/app/web/config -v /root/data/docker_data/easyimage/i:/app/web/i ddsderek/easyimage:latest

Verification Process

  1. Visit http://x.x.x.x:8777/admin/index.php, log in to EasyImage using the weak password (congsec/congsec), and navigate to Settings -> File Management.

    (screenshots omitted)
  2. Edit a web shell script and upload the file congsec.php (the web shell) into the cache folder.

    (screenshots omitted)
  3. Connect to the shell using AntSword (China Chopper) at the following address: http://x.x.x.x:8777/i/cache/congsec.php

    (screenshots omitted)

Remediation Recommendations

  1. Server Configuration:

    • Set upload directories and uploaded files to non-executable to prevent script execution.
    • Ensure server security to avoid file parsing vulnerabilities.
  2. Server-Side File Upload Validation:

    • Implement an allowlist (whitelist) to control uploadable file types, permitting only specified file extensions.
    • Validate the match between the file extension and its MIME Type. Check the consistency between the file header information and the file extension.
    • Enforce limits on individual file sizes and the total number of files to prevent Denial-of-Service (DoS) attacks.
    • Validate filenames upon input and apply output encoding when displaying them.
  3. File Storage:

    • Store uploaded files strictly within designated paths.
    • Rename uploaded files using random names to prevent file overwriting.
    • Configure upload paths to prevent direct user access to uploaded files.
    • Ideally, store files outside the web root directory or on a dedicated content server to prevent direct access via the web application.
  4. Image File Processing:

    • Perform secondary rendering or compression on image files to mitigate the risk of malicious code embedded within images.
  5. Error Handling:

    • Log detailed error information upon validation failure. Logs should include at least the timestamp, user, IP address, operation details, the parameter that failed validation, and its content.
  6. Handling Uploaded Temporary Files:

    • Avoid storing too many files in a single directory, as this can degrade performance. Consider distributing files into subdirectories, for example, based on the hash of the filename or its first character.
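The following upload gate is an added example and not EasyImages' own code; it applies items 2, 3 and 5 above (extension allowlist, MIME and header checks, size limit, random storage name, non-executable mode, rejection logging). The upload directory, the `file` form field and the `$_SESSION['user']` key are assumptions.

```php
<?php
// Added example, not EasyImages' own code: a server-side gate for image uploads
// applying items 2, 3 and 5 of the list above. Paths and variable names are hypothetical.

// Extension allowlist; each extension must also sniff to the listed MIME type.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                       'png' => 'image/png', 'gif' => 'image/gif', 'webp' => 'image/webp'];
const MAX_BYTES = 5 * 1024 * 1024; // per-file size limit (5 MiB)

// Validates one $_FILES entry, stores it under a random name and returns that name;
// throws RuntimeException with a loggable reason on any failure.
function validate_image_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload in request');
    }
    $size = (int) $file['size'];
    if ($size <= 0 || $size > MAX_BYTES) {
        throw new RuntimeException("size check failed: {$size} bytes");
    }
    // Only the final extension counts; "x.php.jpg" is judged as ".jpg" and must still pass the content checks.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("extension not allowed: {$ext}");
    }
    // Content sniffing: the MIME type detected from the bytes must match the extension.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("MIME mismatch: .{$ext} vs {$detected}");
    }
    // Header check: a PHP script carrying an image extension has no parseable image header.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('image header check failed');
    }
    // Random storage name: the uploader never controls the filename on disk.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file');
    }
    chmod($dest, 0644); // readable, never executable
    return $stored;
}

try {
    $name = validate_image_upload($_FILES['file'] ?? [], '/var/lib/easyimage-uploads'); // hypothetical dir
} catch (RuntimeException $e) {
    // Item 5: log time, user, IP, the operation and the reason for the rejection.
    error_log(sprintf('[%s] upload rejected user=%s ip=%s file=%s reason=%s', date('c'),
        $_SESSION['user'] ?? 'anonymous', $_SERVER['REMOTE_ADDR'] ?? '-', $_FILES['file']['name'] ?? '-', $e->getMessage()));
    http_response_code(400);
}
```

A genuine image with script text embedded in its metadata still passes these checks, which is why item 4 (re-rendering) and a non-executable upload directory (item 1) remain necessary alongside the gate.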