PT-2025-31001 · Yanyutao0402 · Chancms
Zast.Ai
·
Published
2025-07-27
·
Updated
2025-08-26
·
CVE-2025-8227
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
yanyutao0402 ChanCMS versions through 3.1.2
Description
A critical vulnerability exists in yanyutao0402 ChanCMS. The vulnerability affects an unknown functionality of the file
/collect/getArticle. Manipulation of the taskUrl argument leads to deserialization, allowing for remote attacks. The exploit has been publicly disclosed.Recommendations
yanyutao0402 ChanCMS versions through 3.1.2: Upgrade to version 3.1.3 to address this issue.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Chancms