CVE-2025-4561: Kinfor KFOX - Arbitrary File Upload
First published: Mon May 12 2025(Updated: )
The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KingFor KFOX |
Remedy
Please install the patch or update to version 2.7 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4561?
CVE-2025-4561 has a critical severity rating due to its potential for arbitrary code execution.
How do I fix CVE-2025-4561?
To mitigate CVE-2025-4561, ensure that file upload features are restricted and implement validation on the server-side.
What type of vulnerability is CVE-2025-4561?
CVE-2025-4561 is classified as an Arbitrary File Upload vulnerability.
Who is affected by CVE-2025-4561?
The vulnerability affects users of the KingFor KFOX software.
What can attackers do with CVE-2025-4561?
Attackers can upload and execute web shell backdoors, leading to arbitrary code execution on the server.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/remedy
- agent/description
- agent/references
- agent/first-publish-date
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/source
- agent/tags
- agent/author
- agent/event
- vendor/kingfor
- canonical/kingfor kfox