PT-2025-45585 · Liweiyi · Chestnutcms
Huu1J
·
Published
2025-11-10
·
Updated
2025-11-21
·
CVE-2025-12923
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
liweiyi ChestnutCMS versions up to 1.5.8
Description
A flaw exists in the
resourceDownload function located in the /dev-api/common/download file. Manipulation of the path argument can result in path traversal, allowing for remote exploitation. The exploit for this issue has been made public.Recommendations
versions prior to 1.5.9
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chestnutcms