CVE-2025-65602

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ChanCMS version 3.3.4

Description A template injection issue exists in the /vip/v1/file/save component. Attackers can execute arbitrary code by submitting a specially crafted POST request. The vulnerable component is the /vip/v1/file/save API endpoint. The vulnerability is triggered through a crafted POST request, allowing code execution.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1336CWE-94

Related Identifiers

CVE-2025-65602

Affected Products

Chancms

CVE-2025-65602

Weakness Enumeration

Related Identifiers

Affected Products

References · 7