CVE-2025-3816

Name of the Vulnerable Software and Affected Versions westboy CicadasCMS version 2.0

Description A critical issue was found in the Scheduled Task Handler component, specifically affecting the /system/schedule/save file. This issue leads to os command injection and can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For westboy CicadasCMS version 2.0, consider restricting access to the /system/schedule/save file of the Scheduled Task Handler component to minimize the risk of exploitation. As a temporary workaround, avoid using the Scheduled Task Handler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.