PT-2025-44058 · Unknown · Willow Cms

Ricck · Published 2025-10-27 · Updated 2025-10-28 · CVE-2025-12331

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Willow CMS versions prior to 1.4.1

Description: A flaw exists in Willow CMS that allows for unrestricted file uploads. This issue is present in a file located at /admin/images/add and involves an unknown function. Remote attackers can exploit this to upload arbitrary files. The exploit code has been publicly released.

Recommendations: Update Willow CMS to version 1.4.1 or later. As a temporary workaround, restrict access to the /admin/images/add file.

Exploit · Fix · Improper Access Control · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-12331

Affected Products: Willow Cms