CVE-2025-7949

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sanluan PublicCMS versions through 5.202506.a

Description A vulnerability exists in Sanluan PublicCMS up to version 5.202506.a, affecting an unknown functionality within the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. Manipulation of the url argument results in an open redirect, allowing for remote exploitation. The exploit has been publicly disclosed and may be in use.

Recommendations Sanluan PublicCMS versions through 5.202506.a: Apply the patch c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75 to resolve this issue.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2025-7949

Affected Products

Sanluan Publiccms

CVE-2025-7949

Weakness Enumeration

Related Identifiers

Affected Products

References · 9