CVE-2025-47221
Arbitrary file write
Issue summary
The following properties can be set to any path, including paths that point to files that already exist. This vulnerability gives a user with admin access the possibility to write files to arbitrary directories in the server file system and potentially overwrite files accessible by the local JBoss user.
- ARCHIVETODISK_FILENAME-PATTERN
- ARCHIVETODISK_PATH_BASE
- ARCHIVETODISK_PATH_PATTERN
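As an added illustration, not SignServer code and not the 7.3.2 fix, this is the kind of containment check a defender would want applied to the three ARCHIVETODISK_* values before any write: it assumes the property placeholders have already been expanded into plain strings, that an allowed root directory (called allowed_root here, a hypothetical setting) is configured, and that existing files are refused rather than silently overwritten. The inputs in demo() are constructed.

```python
import os
import tempfile

class UnsafeArchivePath(ValueError):
    """Raised when a configured archive path must not be used."""
    def __init__(self, reason, path):
        super().__init__(f"{reason}: {path}")
        self.reason = reason

def resolve_archive_target(path_base, path_pattern, filename, *, allowed_root, overwrite=False):
    """Canonicalize base/pattern/filename and refuse targets outside allowed_root.

    Absolute components, '..' segments and symlinks are all neutralized by
    realpath() before the containment check; an existing target is refused
    unless overwrite=True, which is the silent-overwrite case in the advisory.
    """
    root = os.path.realpath(allowed_root)
    # os.path.join discards earlier parts when a later one is absolute, so
    # containment must be checked on the fully joined, resolved result.
    target = os.path.realpath(os.path.join(path_base, path_pattern, filename))
    if target == root or os.path.commonpath([target, root]) != root:
        raise UnsafeArchivePath("outside_root", target)
    if os.path.exists(target) and not overwrite:
        raise UnsafeArchivePath("exists", target)
    return target

def demo():
    """Run the validator over constructed property values; returns outcome per case."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = os.path.join(tmp, "archive")  # the only permitted root
        os.makedirs(os.path.join(archive, "2025"))
        open(os.path.join(archive, "2025", "signed.p7s"), "w").close()  # pre-existing file
        open(os.path.join(tmp, "outside.txt"), "w").close()  # must never be reached
        cases = {  # (PATH_BASE, PATH_PATTERN, FILENAME) after placeholder expansion
            "fresh": (archive, "2025", "new.p7s"),
            "traversal": (archive, "../", "outside.txt"),
            "absolute_pattern": (archive, tmp, "outside.txt"),
            "existing": (archive, "2025", "signed.p7s"),
        }
        outcomes = {}
        for name, (base, pattern, fname) in cases.items():
            try:
                resolve_archive_target(base, pattern, fname, allowed_root=archive)
                outcomes[name] = "allowed"
            except UnsafeArchivePath as err:
                outcomes[name] = err.reason
        return outcomes
```

Only the "fresh" case is accepted; the traversal and absolute-pattern cases resolve outside the root and the existing-file case is refused, which is exactly the overwrite the advisory warns about.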
Severity
Keyfactor rates the severity as medium, with a CVSS score of 6.1. Assigned CVE-2025-47221.
Who is affected?
All SignServer users prior to 7.3.2.
Risk assessment
An authorized Admin user could, mistakenly or by choice, overwrite any file on the server accessible by the local JBoss user.
Mitigation
Upgrade to SignServer 7.3.2 or later.
Additional information
Should you have any additional questions, please reach out to support@keyfactor.com.