CVE-2025-8266

CVSS v2.0

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions yanyutao0402 ChanCMS versions through 3.1.2

Description A critical vulnerability exists in yanyutao0402 ChanCMS. The

getArticle

function within the

app/modules/cms/controller/collect.js

file is susceptible to deserialization due to manipulation of the

targetUrl

argument. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations Upgrade to version 3.1.3 to address this issue.

Exploit

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2025-8266

Chancms