
CVE-2025-63914 PoC — Cinnamon kotaemon security vulnerability

Source
Associated Vulnerability
Title: Cinnamon kotaemon security vulnerability (CVE-2025-63914)
Description: Cinnamon kotaemon is an open-source, RAG-based tool from Cinnamon. Cinnamon kotaemon version 0.11.0 contains a security vulnerability: the _may_extract_zip function does not check the contents of ZIP files, which may lead to resource exhaustion.
Description
Public disclosure and patch for CVE-2025-63914: Zip bomb vulnerability in Cinnamon/kotaemon.
Readme
# CVE-2025-63914
Public disclosure and patch for CVE-2025-63914: Zip bomb vulnerability in Cinnamon/kotaemon.

### Summary

The `_may_extract_zip` function fails to enforce limits on ZIP decompression, allowing a malicious ZIP bomb to trigger excessive resource consumption and denial of service.

### Details

The `_may_extract_zip` function in the `\libs\ktem\ktem\index\file\ui.py` file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploading a ZIP bomb could still cause the server to consume excessive resources during decompression. Moreover, if no further files are uploaded afterward, the extracted data could occupy disk space and potentially render the system unavailable. Anyone with permission to upload files can carry out this attack.

### PoC

Use the following command to pull and run the latest image:

```
docker run \
--name kotaemon \
-e GRADIO_SERVER_NAME=0.0.0.0 \
-e GRADIO_SERVER_PORT=7860 \
-v /home/kali/ktem_app_data/:/app/ktem_app_data \
-p 7860:7860 -d \
ghcr.io/cinnamon/kotaemon:0.11.0-full
```

Create a highly compressible payload consisting of repeated bytes to achieve extreme compression ratios.

![img1](images/img1.png)

During the process we may notice slowdowns due to resource consumption, and we can check the size of the temporary directory.

![img2](images/img2.png)

This resource usage will remain even when no other files are being uploaded.

### Impact

An attacker with file-upload privileges can submit a crafted ZIP archive that causes uncontrolled disk, CPU, and memory consumption, leading to service crash or host outage. All instances — including the latest release (0.11.0) — are affected.

### Patch

A test ZIP bomb and the corresponding patch for version 0.11.0 are provided in this repository.

**Patch overview:**

- Replace `extractall` with streamed extraction.
- Enforce limits: per-file size, total uncompressed size, and member count.
- Reject encrypted entries and extreme compression ratios.
- Whitelist file extensions.
- Cleanup on errors.
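
A hardened extraction routine implementing the checks listed above, added here as an example; it is neither the repository's `kotaemon.patch` nor kotaemon code, the limit values are assumptions, and the two sample archives (a benign one and a zero-filled "bomb") are constructed in a temporary directory.

```python
import os, tempfile, zipfile

# Limits mirroring the patch overview; the numbers are assumptions for this example, not kotaemon's values.
MAX_MEMBERS, MAX_FILE_SIZE, MAX_TOTAL_SIZE, MAX_RATIO = 100, 5 << 20, 20 << 20, 100
ALLOWED_EXT = {".pdf", ".txt", ".md", ".docx"}

def check_members(zf):
    """Reject on central-directory metadata before decompressing a single byte."""
    infos = [i for i in zf.infolist() if not i.is_dir()]
    if len(infos) > MAX_MEMBERS or sum(i.file_size for i in infos) > MAX_TOTAL_SIZE:
        raise ValueError("too many members or total uncompressed size over limit")
    for i in infos:
        if i.flag_bits & 0x1 or os.path.splitext(i.filename)[1].lower() not in ALLOWED_EXT:
            raise ValueError(f"encrypted entry or disallowed extension: {i.filename}")
        if i.file_size > MAX_FILE_SIZE or i.file_size > MAX_RATIO * max(i.compress_size, 1):
            raise ValueError(f"per-file size or compression ratio over limit: {i.filename}")
    return infos

def safe_extract(zip_path, dest):
    """Streamed extraction: counts real bytes (headers can lie) and removes partial output on any error."""
    written, total = [], 0
    try:
        with zipfile.ZipFile(zip_path) as zf:
            for i in check_members(zf):
                written.append(target := os.path.join(dest, os.path.basename(i.filename)))  # basename: no traversal
                with zf.open(i) as src, open(target, "wb") as dst:
                    while chunk := src.read(1 << 20):
                        total += len(chunk)
                        if total > MAX_TOTAL_SIZE:
                            raise ValueError("size limit exceeded during extraction")
                        dst.write(chunk)
        return written
    except Exception:
        for p in written:  # a rejected upload must leave no disk footprint
            if os.path.exists(p): os.remove(p)
        raise

def demo():
    """Constructed samples: a benign archive and a 'bomb' of 8 MiB of zero bytes (ratio far above MAX_RATIO)."""
    d = tempfile.mkdtemp()
    for name, member, data in (("good.zip", "notes.txt", b"hello"), ("bomb.zip", "big.txt", b"\0" * (8 << 20))):
        with zipfile.ZipFile(os.path.join(d, name), "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(member, data)
    benign = [os.path.basename(p) for p in safe_extract(os.path.join(d, "good.zip"), d)]
    try:
        safe_extract(os.path.join(d, "bomb.zip"), d)
        rejected = False
    except ValueError:
        rejected = True
    return {"benign": benign, "bomb_rejected": rejected, "leftover": os.path.exists(os.path.join(d, "big.txt"))}
```

The metadata checks reject the bomb before any decompression; the byte counter in `safe_extract` is the second line of defence for archives whose headers understate their size.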

File Snapshot

```
[4.0K] /data/pocs/0dbd83c98aaab05660f41a2726823d59e0912331
├── [ 10M] bomb.zip
├── [4.0K] images
│   ├── [113K] img1.png
│   └── [ 38K] img2.png
├── [8.4K] kotaemon.patch
└── [2.1K] README.md

2 directories, 5 files
```