CVE-2025-3797

Name of the Vulnerable Software and Affected Versions SeaCMS versions up to 13.3

Description A critical vulnerability was found in SeaCMS, affecting the file /admin topic.php?action=delall. The manipulation of the e id argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 13.3, consider disabling access to the /admin topic.php?action=delall endpoint until a patch is available. Restrict the manipulation of the e id argument to minimize the risk of SQL injection exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.