CVE-2025-5425

Name of the Vulnerable Software and Affected Versions juzaweb CMS versions up to 3.4.2

Description A critical issue was found in the Theme Editor Page component of juzaweb CMS, specifically in the file /admin-cp/theme/editor/default, affecting an unknown function. This issue leads to improper access controls, allowing for remote attacks. The exploit has been publicly disclosed.

Recommendations For juzaweb CMS versions up to 3.4.2, as a temporary workaround, consider restricting access to the Theme Editor Page until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.