CVE-2025-7065

Name of the Vulnerable Software and Affected Versions PAD CMS (affected versions not specified)

Description The software’s photo upload functionality allows a remote attacker to upload files of any type and extension without restriction due to a client-controlled permission check parameter. This can lead to Remote Code Execution. The issue affects all three templates: www, bip, and ww+bip. The product is End-Of-Life and the producer will not release patches for this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.