CVE-2025-1743 Scanner

Detects path traversal in Pichome 2.1.0 allowing arbitrary file read via the src parameter in textviewer.

Short Info

| Field | Value |
| --- | --- |
| Level | Medium |
| Single Scan | Single Scan |
| Can be used by | Asset Owner |
| Estimated Time | 10 seconds |
| Time Interval | 1 week 20 hours |
| Scan only one | URL |
| Toolbox | - |

Pichome is an open-source image collection and sharing system developed by zyx0814. Designed to organize and serve image libraries through a clean web interface, it allows indexing and text viewing functionalities via URL parameters. In Pichome 2.1.0, the endpoint `/index.php?mod=textviewer` handles text file rendering through the `src` query parameter.

This vulnerability (CVE-2025-1743) is a classic path traversal flaw (CWE-22) caused by missing validation and sanitization of the `src` parameter. By passing a specially crafted path such as `file:///etc/passwd`, an attacker bypasses the directory restriction the application intends to enforce and reads arbitrary files on the underlying server, well outside the scope of the text viewer.

The affected endpoint takes the file path directly from user input and renders its content in the browser. This exposes internal files such as `/etc/passwd` (on Unix systems), which can leak information about system users or other sensitive configuration. No authentication is required, so the flaw is exploitable by unauthenticated remote attackers.

The response to the crafted request carries two indicators that together confirm the vulnerability: the content of the requested system file and Pichome front-end markup (`.scrollbar__wrap`). The file read could be chained with other weaknesses for reconnaissance, privilege escalation, or even remote code execution if writable paths and inclusion points are found.
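An added detection example (not part of this scanner or of Pichome): it parses constructed access-log lines and flags `textviewer` requests whose `src` value carries a URI scheme such as `file://`, an absolute path, or a `..` segment, after unwrapping repeated percent-encoding. The Common Log Format lines and the sample addresses are assumptions made for the demonstration.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Common Log Format), not from the page or any real host.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /index.php?mod=textviewer&src=notes/readme.txt HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "GET /index.php?mod=textviewer&src=file:///etc/passwd HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2025:12:00:03 +0000] "GET /index.php?mod=textviewer&src=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2025:12:00:04 +0000] "GET /index.php?mod=textviewer&src=%252e%252e%2Fetc%2Fpasswd HTTP/1.1" 200 2048
203.0.113.11 - - [10/Mar/2025:12:00:05 +0000] "GET /index.php?mod=gallery&id=3 HTTP/1.1" 200 100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_src(src: str) -> Optional[str]:
    """Return why a textviewer src value looks like traversal, or None if it looks benign."""
    decoded = src
    while (again := unquote(decoded)) != decoded:  # unwrap double/triple encoding (%252e -> %2e -> .)
        decoded = again
    norm = decoded.replace("\\", "/").lower()       # treat Windows separators like POSIX ones
    if re.match(r"[a-z][a-z0-9+.-]*://", norm):      # file://, php://, http://, ...
        return "URI scheme in src"
    if norm.startswith("/"):
        return "absolute path in src"
    if ".." in norm.split("/"):
        return "dot-dot segment in src"
    return None

def scan_log(text: str) -> list:
    """Flag textviewer requests whose src parameter escapes the intended directory."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not urlsplit(m["target"]).path.endswith("/index.php"):
            continue
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)  # decodes once
        if params.get("mod", [""])[0] != "textviewer":
            continue
        for src in params.get("src", []):
            reason = classify_src(src)
            if reason:
                findings.append({"ip": m["ip"], "time": m["ts"], "status": m["status"], "src": src, "reason": reason})
    return findings
```

A 200 status on a flagged request is the strongest signal, since the page notes the file content is rendered in the response; a 4xx on the same pattern still records a probe worth correlating by source address.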
