Warning: Path Traversal Vulnerability in ZendTo (CVE-2025-34508), Patch Immediately!

Published: 23/06/2025

 

    * Last update: 23/06/2025

    * Affected software: ZendTo versions 6.15-7 and prior

    * Type: Path Traversal Vulnerability

    * CVE/CVSS
        → CVE-2025-34508: CVSS 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

 

Sources

 NVD https://nvd.nist.gov/vuln/detail/CVE-2025-34508
 

Risks

A path traversal vulnerability (CVE-2025-34508) has been discovered in ZendTo, a widely used web-based file transfer application, in versions 6.15-7 and earlier. This vulnerability allows an authenticated attacker to access or manipulate sensitive files on the server, including those belonging to other users. In some cases, it could even result in denial of service if key application files are tampered with.

File transfer applications like ZendTo are high-value targets for ransomware groups due to the sensitive nature of the data they handle. This has been evident in historical breaches involving similar systems. While this vulnerability is not known to be actively exploited in the wild at the time of this advisory, a proof-of-concept (PoC) is publicly available, significantly increasing the likelihood of exploitation in the near future.

This vulnerability impacts all three pillars of the CIA triad (confidentiality, integrity and availability). Organizations using ZendTo are urged to upgrade immediately to the patched version 6.15-8 to mitigate this risk.
 

Description

ZendTo’s file upload mechanism contains a flaw in how it handles user-supplied input during the "dropoff" process. Specifically, the parameters chunkName and tmp_name, which control the file upload destination, are improperly sanitized. An attacker with a valid account can craft a request that manipulates the file path used during upload, resulting in unauthorized access to files on the server. These files are then accessible for download, effectively exposing sensitive system and user information.

In the default installation, the attack is limited to files accessible by the web server user (e.g., www-root), but this still includes any user-uploaded data and sensitive application files.
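As an added illustration, not ZendTo's own code (the affected handler is not reproduced here), the check an upload handler should apply before a request-controlled name such as chunkName or tmp_name becomes part of a filesystem path. The function names, the upload directory /srv/zendto/uploads and the sample names are assumptions for this example.

```python
import os
import tempfile
from urllib.parse import unquote


class UnsafePathError(ValueError):
    """A request-supplied name would resolve outside the upload directory."""


def confine_upload_path(base_dir: str, supplied_name: str) -> str:
    """Return the canonical path for supplied_name inside base_dir, or raise.

    Hypothetical hardened check (not ZendTo's own code): a chunk name coming
    from the request is accepted only as a single benign path component.
    """
    name = unquote(supplied_name)              # decode "%2e%2e%2f" once
    if "%" in name or "\x00" in name:          # double-encoding or NUL byte
        raise UnsafePathError("encoded or NUL bytes in upload name")
    if "/" in name or "\\" in name or name in ("", ".", ".."):
        raise UnsafePathError("separators or dot segments in upload name")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Defence in depth: after the lexical checks, the canonical path must
    # still sit under base. This also catches a symlink planted in base.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError("resolved path escapes upload directory")
    return candidate


def is_confined(base_dir: str, supplied_name: str) -> bool:
    """True if supplied_name is accepted by confine_upload_path."""
    try:
        confine_upload_path(base_dir, supplied_name)
        return True
    except UnsafePathError:
        return False


def symlink_escape_is_rejected() -> bool:
    """Self-check: a benign-looking name that is really a symlink out of the
    upload directory is rejected by the canonical-path comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        upload_dir = os.path.join(tmp, "uploads")
        os.mkdir(upload_dir)
        os.symlink(tmp, os.path.join(upload_dir, "chunk-7"))  # points at parent
        return not is_confined(upload_dir, "chunk-7")
```

The lexical rejection of separators and dot segments is what a chunked-upload handler can require, since a chunk name never legitimately names a directory; the realpath comparison is the safety net for anything the string checks miss.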
 

Recommended Actions

 
Patch 
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
  
Monitor/Detect 
  
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
  
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 
 

References

 Horizon3 https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/