PT-2025-53663 · Cmseasy · Cmseasy
Vuldb · Published 2025-12-28 · Updated 2026-01-06 · CVE-2025-15148
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CmsEasy versions through 7.7.7
Description
A flaw exists in CmsEasy that allows for code injection. The issue is located in the savetemp action function within the /lib/admin/template admin.php library of the Backend Template Management Page component. Manipulation of the content/tempdata argument can trigger the flaw, potentially allowing for remote code execution. The exploit for this issue has been published.
Recommendations
Versions prior to 7.7.7 should be used.
Exploit
Fix
Special Elements Injection
Code Injection
Related Identifiers
Affected Products
Cmseasy