CVE-2025-25284

Summary

The ZOO-Project is an open source processing platform, released under MIT/X11 Licence. A vulnerability in ZOO-Project’s WPS (Web Processing Service) implementation allows unauthorized access to files outside the intended directory through path traversal.

Specifically, the Gdal_Translate service, when processing VRT (Virtual Format) files, does not properly validate file paths referenced in the VRTRasterBand element. The service does not sanitize the SourceFilename parameter in VRT files, so relative path traversal sequences (../) are accepted. Combined with VRT’s raw data handling capabilities, this allows arbitrary files to be read as raw binary data and converted to TIFF format, effectively exposing their contents.

The vulnerability is particularly severe because it requires no authentication and can be exploited remotely through the WPS service. An attacker can read arbitrary files from the system, including sensitive system files, potentially exposing configuration data, credentials, or other confidential information stored on the server.

This issue has been addressed in commit 5f155a8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity

  • Base Score: 8.7
  • Exploitability Score: 0.0
  • Impact Score: 0.0
  • Exploitable: 0

Details

The vulnerability is present in the Gdal_Translate service of the ZOO-Project WPS implementation. This service processes VRT (Virtual Raster Format) files, which can reference other files via the SourceFilename parameter within the VRTRasterBand element. The service fails to properly sanitize these file paths, allowing attackers to use relative path traversal sequences (e.g., ../) to access files outside the intended directory. When combined with VRT’s raw data handling capabilities, this allows an attacker to read arbitrary files as raw binary data and convert them into TIFF format, thus bypassing any potential access controls on the server. Because the exploit availability score is set to 0, this is a theoretical vulnerability with no known proof of concept or real-world exploit.

Remediation

The primary remediation strategy is to:

  1. Upgrade ZOO-Project: Upgrade to a version of ZOO-Project that incorporates commit 5f155a8 or a later version. This commit addresses the path traversal vulnerability by implementing proper sanitization of the SourceFilename parameter in VRT files. If you installed through a package manager, use it to upgrade. If you compiled from source, pull the newest version and recompile.
  2. Verify Upgrade: After upgrading, verify that the new version is running and that the vulnerability is no longer present.
  3. Monitor for Exploitation: While the primary fix addresses the root cause, it’s good practice to monitor ZOO-Project instances for any suspicious activity related to file access or processing of VRT files.
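
One way to support the monitoring in step 3, as an added example (not ZOO-Project code and not the fix in commit 5f155a8): resolve every SourceFilename in a submitted VRT and report those that land outside an allowed data root. The function name audit_vrt, the /srv/zoo-data layout and the sample VRT are assumptions constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

def audit_vrt(vrt_text, vrt_dir, allowed_root, cwd=None):
    """Return (source_filename, reason) findings for one VRT document."""
    root = os.path.realpath(allowed_root)
    cwd = cwd or os.getcwd()
    findings = []
    # ElementTree does not fetch external entities from the document.
    for band in ET.fromstring(vrt_text).iter("VRTRasterBand"):
        raw = band.get("subClass") == "VRTRawRasterBand"
        for src in band.iter("SourceFilename"):
            name = (src.text or "").strip()
            # relativeToVRT="1" joins the name to the VRT's own directory;
            # otherwise a relative name is resolved from the process cwd.
            base = vrt_dir if src.get("relativeToVRT") == "1" else cwd
            # realpath collapses ../ sequences and follows symlinks.
            resolved = os.path.realpath(os.path.join(base, name))
            # commonpath compares whole components, so a sibling such as
            # <root>-old is not mistaken for a path inside <root>.
            if os.path.commonpath([root, resolved]) != root:
                kind = "raw band" if raw else "band"
                findings.append((name, f"{kind} source resolves outside {root}"))
    return findings

# Constructed sample: only the elements the check reads, not a complete VRT.
SAMPLE_VRT = """<VRTDataset rasterXSize="16" rasterYSize="16">
  <VRTRasterBand dataType="Byte" band="1">
    <SimpleSource>
      <SourceFilename relativeToVRT="1">tiles/a.tif</SourceFilename>
    </SimpleSource>
  </VRTRasterBand>
  <VRTRasterBand dataType="Byte" band="2" subClass="VRTRawRasterBand">
    <SourceFilename relativeToVRT="1">../../../outside/secret.bin</SourceFilename>
  </VRTRasterBand>
</VRTDataset>"""

def demo():
    # Hypothetical layout: submitted VRTs are stored under <root>/uploads/job1.
    root = os.path.join(os.sep, "srv", "zoo-data")
    return audit_vrt(SAMPLE_VRT, os.path.join(root, "uploads", "job1"), root)

if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

A finding on a raw band is the case this advisory describes; findings on other bands are still worth review because they reference files outside the data root.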

Assigner

Date

  • Published Date: 2025-02-18 18:42:55
  • Updated Date: 2025-02-18 19:15:29
