CodeNewbie Community 🌱

Sharon428931


Remote Code Execution in Qiyuesuo: What You Need to Know and Patch

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Qiyuesuo is a widely used electronic signature and document management platform in China. It provides legally binding digital documents and seals for enterprises and individuals.

In July 2025, a remote code execution (RCE) vulnerability was identified in its pdfverifier module. The vulnerability allows unauthenticated attackers to execute arbitrary commands on the server, potentially leading to complete system compromise.


Vulnerability Overview

What caused the vulnerability?

The advisory attributes the flaw to insufficient validation of input reaching the pdfverifier module, combined with insecure command execution logic: a specially crafted request can bypass the existing checks and inject commands that the server then executes. A detailed root-cause analysis has not been published.

Impact

  • Remote Code Execution
  • Unauthenticated Access
  • Full Server Compromise
  • Potential Data Breach or Business System Takeover

Severity: High

Access Required: None (no authentication)

Trigger Vector: Remote via network

User Interaction: None

System Config Requirement: Default settings

Exploit Maturity: No public POC yet

Fix Difficulty: Low (official patch available)


Affected Versions

The vulnerability affects the following versions of Qiyuesuo:

  • Qiyuesuo 4.3.8 through 5.x.x with a patch version below 2.1.8
  • Qiyuesuo 4.0.x through 4.3.7 with a patch version below 1.3.8

Installations at or above the listed patch version for their branch are not affected.
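When an organisation runs several Qiyuesuo instances, deciding which ones are in scope means applying the two ranges above to each product version and patch version pair. The script below is an added example written for this post, not tooling from Qiyuesuo or SafeLine. It assumes both numbers are available as dotted strings (for example from an inventory export); how they are obtained is an assumption, and the "5.x.x" upper bound is read as "anything below 6.0.0". The inventory entries at the bottom are constructed sample data.

```python
"""Triage Qiyuesuo instances against the affected ranges in the advisory.

Added example, not vendor code. The version strings in the inventory are
constructed sample data, and the source of those strings is an assumption.
"""


def parse_version(s: str) -> tuple[int, int, int]:
    """Turn '4.3.8' (or 'v4.3') into a comparable 3-tuple, padding with zeros."""
    s = s.strip().lstrip("vV")
    parts = s.split(".")
    nums = []
    for p in parts:
        if not p.isdigit():
            raise ValueError(f"non-numeric version component in {s!r}")
        nums.append(int(p))
    while len(nums) < 3:
        nums.append(0)
    if len(nums) > 3:
        raise ValueError(f"too many version components in {s!r}")
    return nums[0], nums[1], nums[2]


# (lowest product version inclusive, upper bound exclusive, first fixed patch).
# Taken from the advisory: 4.0.x-4.3.7 is fixed by patch 1.3.8,
# 4.3.8-5.x.x is fixed by patch 2.1.8. "5.x.x" is read as "< 6.0.0".
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 3, 8), (1, 3, 8)),
    ((4, 3, 8), (6, 0, 0), (2, 1, 8)),
]


def is_affected(product_version: str, patch_version: str) -> bool:
    """True if the product version falls in a listed range and the patch
    version is below the fixed patch for that range."""
    v = parse_version(product_version)
    p = parse_version(patch_version)
    for low, high, fixed_patch in AFFECTED_RANGES:
        if low <= v < high:
            return p < fixed_patch
    # Product versions outside both ranges are not listed as affected.
    return False


def triage(inventory: list[dict]) -> list[str]:
    """Return the hostnames of instances that still need the patch."""
    return [
        host["name"]
        for host in inventory
        if is_affected(host["version"], host["patch"])
    ]


# Constructed sample inventory (hostnames and numbers are made up).
SAMPLE_INVENTORY = [
    {"name": "esign-prod-01", "version": "4.3.8", "patch": "2.1.7"},  # affected
    {"name": "esign-prod-02", "version": "4.3.8", "patch": "2.1.8"},  # fixed
    {"name": "esign-legacy", "version": "4.2.0", "patch": "1.3.5"},   # affected
    {"name": "esign-new", "version": "5.1.0", "patch": "2.1.8"},      # fixed
    {"name": "esign-lab", "version": "3.9.9", "patch": "1.0.0"},      # out of range
]

if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: patch required")
```

Version comparison is done on integer tuples rather than on strings so that, for example, 4.10.0 sorts after 4.9.0; a plain string comparison would get that wrong.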

Recommended Fixes

Temporary Workaround

If upgrading is not possible right away:

  • Do not expose the Qiyuesuo system directly to the Internet; restrict access to trusted internal networks or a VPN until the official patch is applied. Because the flaw needs no authentication, any reachable instance is a target.

Official Patch

Qiyuesuo has released a security patch. Update immediately from their official site:

🔗 https://www.qiyuesuo.com/more/security/servicepack


Exploit Reproduction (POC)

This vulnerability has been successfully reproduced in a controlled environment. Although no public exploit code has been released yet, exploitation is considered relatively easy for attackers with minimal knowledge of the system.


Detection Support

The following platforms have already or will soon support detection of this vulnerability:

Platform    Detection Status
Yuntu       Supported (fingerprint + PoC check)
Dongjian    ETA: July 11, 2025
SafeLine    Supported by default
Quanshi     Supported by default

Timeline

  • July 2025 – Official patch released by Qiyuesuo
  • July 11, 2025 – Advisory published by Changting Security Emergency Response Center


Final Note

If your organization uses Qiyuesuo for digital signatures, update now. This RCE flaw is a serious threat because it requires no login and no user interaction to exploit. Even if you see no signs of compromise yet, a single exposed instance can give an attacker a foothold into the rest of your infrastructure.

Stay safe. Patch early. Audit often.
