PT-2025-54275 · Eyoucms · Eyoucms

Pemic · Published 2025-12-31 · Updated 2025-12-31 · CVE-2025-15375

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EyouCMS versions up to 1.7.7

Description

A flaw exists in EyouCMS that allows for remote code execution through deserialization. The issue resides in the unserialize function within the application/api/controller/Ajax.php file, specifically within the arcpagelist Handler component. Manipulation of the attstr argument can trigger the deserialization, potentially leading to code execution. The vendor has acknowledged the issue and plans to release version 1.7.8 with a fix. The exploit has been published.

Recommendations

Versions prior to 1.7.8 are affected.
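
A log check for the attstr argument described above, added here as an example; it is not part of the advisory or of EyouCMS. It assumes attstr arrives URL-encoded in the query string of an access-log line, and the route, log lines and class name Example are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Object tokens in PHP serialize() output: O:<len>:"Class":<n>:{ and C:<len>:"Class":<n>:{
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]+":\d+:\{')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def attstr_values(request_target, body=""):
    """Return every attstr value from the query string and a form-encoded body."""
    values = []
    for source in (urlsplit(request_target).query, body):
        for name, value in parse_qsl(source, keep_blank_values=True):
            if name == "attstr":
                values.append(value)
    return values

def is_suspicious(value, max_decodes=3):
    """True if the value, after undoing repeated URL-encoding, holds a serialized object."""
    for _ in range(max_decodes):
        if PHP_OBJECT.search(value):
            return True
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return bool(PHP_OBJECT.search(value))

def scan(lines):
    """Return 1-based numbers of log lines whose arcpagelist request carries a serialized object."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match or "arcpagelist" not in match.group(1).lower():
            continue
        if any(is_suspicious(v) for v in attstr_values(match.group(1))):
            hits.append(number)
    return hits

# Constructed sample lines; /PLACEHOLDER stands in for the real route, which the advisory does not give.
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /PLACEHOLDER?action=arcpagelist&attstr=e10adc3949ba59abbe56e057f20f883e HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /PLACEHOLDER?action=arcpagelist&attstr=O%3A7%3A%22Example%22%3A0%3A%7B%7D HTTP/1.1" 200 40',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "GET /PLACEHOLDER?action=arcpagelist&attstr=O%253A7%253A%2522Example%2522%253A0%253A%257B%257D HTTP/1.1" 200 40',
    '203.0.113.7 - - [01/Jan/2026:10:00:12 +0000] "GET /PLACEHOLDER?action=arcpagelist&attstr=a%3A1%3A%7Bi%3A0%3Bs%3A1%3A%22x%22%3B%7D HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Values sent in a POST body do not appear in standard access logs; pass the captured body as the second argument of attstr_values when it is available.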

Exploit · Fix · RCE · Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers: CVE-2025-15375

Affected Products: Eyoucms