exploitDog

CVE-2025-60790

Опубликовано: 21 окт. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.

Ссылки

https://github.com/NomanProdhan/security-vulnerability-research/tree/master/CVE-2025-60790
Exploit
Third Party Advisory
https://github.com/processwire/processwire-issues/issues/2120
Exploit
Issue Tracking
Vendor Advisory
https://github.com/processwire/processwire-issues/issues/2120
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:*

Версия до 3.0.246 (включая)

EPSS

Процентиль: 18%

0.00058

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400

Связанные уязвимости

GHSA-9p44-q66p-xm6p

github

4 месяца назад

ProcessWire CMS vulnerable to resource-exhaustion Denial of Service

EPSS

Процентиль: 18%

0.00058

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-400