CVE-2025-0463 in Lingdang CRM
Summary
by MITRE • 01/14/2025
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument name leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 08/28/2025
This critical vulnerability exists in Shanghai Lingdang Information Technology's Lingdang CRM version 8.6.0.0 and earlier, representing a severe security flaw that allows remote attackers to perform unrestricted file uploads. The vulnerability is located within the /crm/weixinmp/index.php endpoint, where specific parameters control the application's behavior. The affected function processes user input through the userid, module, usid, action, minipro_const_type, and related_module parameters, creating an attack surface where improper input validation enables malicious file uploads. The exploitation occurs when an attacker manipulates the name argument, bypassing normal upload restrictions that should prevent execution of malicious code.
The technical flaw stems from inadequate input validation and sanitization within the application's file upload mechanism. When the application processes the specified URL parameters, it fails to properly validate or restrict the file types that can be uploaded through the UsersAjax action. This vulnerability directly maps to CWE-434, which describes "Unrestricted Upload of File with Dangerous Type", and aligns with ATT&CK technique T1195.001 for "Phishing with Malicious File" and T1059.001 for "Command and Scripting Interpreter". The lack of proper file type checking, extension validation, and content verification creates a pathway for attackers to upload malicious files such as web shells, scripts, or executables that can be executed within the application's context.
The operational impact of this vulnerability is severe and far-reaching for organizations using this CRM system. Remote exploitation allows attackers to gain unauthorized access to the application server, potentially leading to complete system compromise, data exfiltration, and persistent backdoor access. The unrestricted upload capability means that attackers can deploy web shells that provide remote command execution capabilities, enabling them to escalate privileges, access sensitive customer data, and manipulate business processes. Organizations may face regulatory compliance violations, financial losses, and reputational damage when this vulnerability is exploited. The public disclosure of the exploit increases the likelihood of widespread exploitation, as threat actors can readily leverage this knowledge to target vulnerable installations without requiring advanced technical skills.
Mitigation strategies must address both immediate remediation and long-term security improvements. Organizations should immediately apply vendor patches or updates if available, though the lack of vendor response to early disclosure indicates potential delays in official patch release. Network-level protections should include implementing strict file type validation, content inspection, and upload restrictions at the application firewall level. The application should enforce mandatory file type checking, reject suspicious file extensions, and validate file content against known malicious patterns. Security measures should include disabling unnecessary file upload functionality, implementing proper access controls, and establishing monitoring for unusual upload activities. Additional defensive measures include deploying web application firewalls, conducting regular security assessments, and implementing proper input validation across all user-supplied data. The vulnerability highlights the critical importance of secure coding practices and proper input validation as outlined in OWASP Top Ten and NIST cybersecurity guidelines.
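The monitoring for unusual upload activity recommended above can start with the web server's access log. The following is an added example, not code from MITRE, VulDB or the vendor: it flags requests to the endpoint and parameter values named in the advisory, and it assumes Apache/nginx common or combined log format; the priority labels and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter values as quoted in the advisory (compared lowercased).
ENDPOINT = "/crm/weixinmp/index.php"
REQUIRED = {"module": "users", "action": "usersajax", "related_module": "singin"}

# Request portion of a common/combined access log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def match_request(line):
    """Return details of a request to the affected endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode and normalise the path so doubled slashes or case changes still match.
    path = re.sub(r"/+", "/", unquote(url.path)).lower()
    if path != ENDPOINT:
        return None
    # parse_qs percent-decodes values; keep the last value of repeated keys.
    params = {k.lower(): v[-1].lower() for k, v in parse_qs(url.query).items()}
    if any(params.get(k) != v for k, v in REQUIRED.items()):
        return None
    status = int(m["status"])
    # Uploads arrive as POST bodies; a 2xx answer means the request was not blocked.
    high = m["method"] == "POST" and 200 <= status < 300
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": status, "priority": "high" if high else "review"}

def scan(lines):
    """Return all hits from an iterable of log lines."""
    return [hit for hit in map(match_request, lines) if hit]

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2025:10:02:11 +0000] "POST /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin HTTP/1.1" 200 512',
    '198.51.100.4 - - [15/Jan/2025:10:03:40 +0000] "GET /crm/index.php?module=Home HTTP/1.1" 200 8841',
    '203.0.113.9 - - [15/Jan/2025:10:05:02 +0000] "POST /crm//weixinmp/index.php?related_module=Singin&action=Users%41jax&module=Users HTTP/1.1" 403 199',
    '198.51.100.4 - - [15/Jan/2025:10:06:19 +0000] "GET /crm/weixinmp/index.php?module=Users&action=Login HTTP/1.1" 200 1034',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits marked "high" were answered with a 2xx status and are the ones to correlate first with new or modified files under the web root.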