PT-2025-23406 · Unknown · Yifang Cms

Ic0Rcxyifang

Published: 2025-05-31
Updated: 2025-05-31
CVE-2025-5381

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Yifang CMS versions up to 2.0.2

Description

A path traversal issue was found in the Admin Panel component, specifically in the downloadFile function of the /api/File/downloadFile API endpoint. Manipulating the File argument leads to path traversal. The issue can be exploited remotely.

Recommendations

For Yifang CMS versions up to 2.0.2, consider disabling the downloadFile function of the /api/File/downloadFile API endpoint until a patch is available. Restrict access to the Admin Panel to minimize the risk of exploitation. Avoid using the File argument in the affected API endpoint until the issue is resolved.
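
One way to review web server logs for misuse of this endpoint while it remains unpatched, as an added example that is not part of the advisory or of Yifang CMS. It assumes the File argument is sent in the query string and that the server writes combined-format access logs; the advisory states neither, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/api/file/downloadfile"  # endpoint from the advisory, lower-cased
PARAM = "file"                       # "File" argument from the advisory
REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(value, rounds=5):
    """Undo nested percent-encoding and unify path separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(path):
    """Heuristic: a '..' segment, an absolute path or a drive letter."""
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return True
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (client, status, normalised File value) for flagged lines."""
    hits = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/").lower() != ENDPOINT:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            path = normalise(value)
            if key.lower() == PARAM and is_traversal(path):
                hits.append((client, int(status), path))
    return hits

# Constructed sample lines in combined log format, not from a real system.
SAMPLE = [
    '198.51.100.7 - - [31/May/2025:10:01:02 +0000] "GET /api/File/downloadFile?File=backup_2025.zip HTTP/1.1" 200 5120',
    '203.0.113.9 - - [31/May/2025:10:02:10 +0000] "GET /api/File/downloadFile?File=..%2F..%2Fexample.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [31/May/2025:10:02:15 +0000] "GET /api/File/downloadFile?File=%252e%252e%255cexample.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [31/May/2025:10:03:00 +0000] "GET /api/Article/list?File=../x HTTP/1.1" 200 88',
]
```

A flagged request that returned status 200 deserves review first, since the server answered it with content.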

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-5381

Affected Products: Yifang Cms