PT-2025-30348 · Unknown · Haxcms-Nodejs

Asareynolds · Published 2025-07-21 · Updated 2025-07-22 · CVE-2025-54134

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

HAX CMS NodeJs versions 11.0.8 and below

Description

HAX CMS NodeJs, a system for managing microsite universes with a NodeJs backend, is susceptible to a crash issue. An authenticated attacker can trigger it by sending API requests to the listFiles and saveFiles endpoints without the required URL parameters. The application does not handle the exceptions that result from modifications to these user-modifiable URL parameters, so it crashes.

Recommendations

Upgrade to version 11.0.9 or later.

Weakness Enumeration

Related Identifiers

CVE-2025-54134
GHSA-PJJ3-J5J6-QJ27

Affected Products

Haxcms-Nodejs