PT-2025-12520 · Jizhicms · Jizhicms

H3Rmesk1T

Published

2025-03-23

Updated

2025-03-28

CVE-2025-2639

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions JIZHICMS versions up to 1.7.0

Description A vulnerability has been found in the Article Handler component, affecting the file /user/release.html. This issue leads to improper authorization and can be initiated remotely. The manipulation affects unknown code, and the exploit has been disclosed to the public.

Recommendations For JIZHICMS versions up to 1.7.0, consider restricting access to the /user/release.html file until a patch is available. As a temporary workaround, review and strengthen authorization mechanisms in the Article Handler component to minimize the risk of exploitation.

Exploit

Fix

Improper Authorization

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-266

Related Identifiers

CVE-2025-2639

Affected Products

Jizhicms

PT-2025-12520 · Jizhicms · Jizhicms

CVE-2025-2639

Weakness Enumeration

Related Identifiers

Affected Products

References · 11