PT-2025-10950 · Themeegg · Themeegg Toolkit

Nabil Irawan

Published

2025-03-11

Updated

2025-03-14

CVE-2025-28915

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ThemeEgg ToolKit versions 1.2.9 and earlier

Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control of the server.

Recommendations: For ThemeEgg ToolKit versions 1.2.9 and earlier, consider restricting or disabling file upload functionality until a fix is available. As a temporary workaround, implement strict validation and sanitization of uploaded files to prevent the upload of dangerous file types.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-28915

Affected Products

Themeegg Toolkit

PT-2025-10950 · Themeegg · Themeegg Toolkit

CVE-2025-28915

Weakness Enumeration

Related Identifiers

Affected Products

References · 6