PT-2025-6162 · Dayrui · Xunruicms

Steven_Dra3W · Published 2025-02-11 · Updated 2025-02-20 · CVE-2025-1177

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: dayrui XunRuiCMS version 4.6.3

Description: A critical issue was found in dayrui XunRuiCMS, affecting the import add function of the file dayrui/Fcms/Control/Admin/Linkage.php. The manipulation leads to deserialization, and it is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For dayrui XunRuiCMS version 4.6.3, consider disabling the import add function of the dayrui/Fcms/Control/Admin/Linkage.php file as a temporary workaround until a patch is available. Restrict access to the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Deserialization of Untrusted Data

RCE

Weakness Enumeration

Related Identifiers: CVE-2025-1177

Affected Products: Xunruicms