CVE-2025-2917

Опубликовано: 28 мар. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 7.5

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://r0ot.notion.site/ChestnutCMS-1-5-3-Arbitrary-file-read-vulnerability-1ae27d744f7f8074a169ca849e8a1d31?pvs=4
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.301890
Permissions Required
VDB Entry
https://vuldb.com/?id.301890
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.520933
Third Party Advisory
VDB Entry
https://r0ot.notion.site/ChestnutCMS-1-5-3-Arbitrary-file-read-vulnerability-1ae27d744f7f8074a169ca849e8a1d31
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:1000mz:chestnutcms:*:*:*:*:*:*:*:*

Версия до 1.5.3 (включая)

EPSS

Процентиль: 66%

0.00523

Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cw8p-4qwh-rvpm

CVSS3: 4.3

github

11 месяцев назад

EPSS

Процентиль: 66%

0.00523

Низкий

4.3 Medium

CVSS3

7.5 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22