PT-2025-52621 · Liweiyi · Chestnutcms

Yuccun · Published 2025-12-22 · Updated 2025-12-31 · CVE-2025-15009

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: liweiyi ChestnutCMS versions up to 1.5.8

Description: A flaw exists in liweiyi ChestnutCMS up to version 1.5.8. This issue affects the FilenameUtils.getExtension function within the Filename Handler component, located in the file /dev-api/common/upload. Manipulation of the File argument can lead to unrestricted file upload, and the attack can be launched remotely. An exploit for this issue has been published.

Recommendations: Versions prior to 1.5.8 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Access Control, Unrestricted File Upload

Related Identifiers: CVE-2025-15009

Affected Products: Chestnutcms