CVE-2025-5429

Name of the Vulnerable Software and Affected Versions juzaweb CMS versions up to 3.4.2

Description A critical issue was found in the Plugins Page component, specifically affecting the /admin-cp/plugin/install file. This leads to improper access controls, allowing for remote attacks. The issue has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations For juzaweb CMS versions up to 3.4.2, consider restricting access to the /admin-cp/plugin/install file until a fix is available. As a temporary workaround, review and tighten access controls to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.