PT-2025-31058 · Yanyutao0402 · Chancms

Zast.Ai · Published 2025-07-28 · Updated 2025-07-28 · CVE-2025-8266

CVSS v2.0: 6.5 (Medium), AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

yanyutao0402 ChanCMS versions through 3.1.2

Description

A critical vulnerability exists in yanyutao0402 ChanCMS. Manipulating the targetUrl argument of the getArticle function in app/modules/cms/controller/collect.js leads to deserialization. The issue can be exploited remotely, and the exploit has been publicly disclosed.

Recommendations

Upgrade to version 3.1.3 to address this issue.

Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-8266

Affected Products

Chancms