PT-2025-8712 · Foxcms · Foxcms

Ka7Arotto

Published

2025-02-26

Updated

2025-03-08

CVE-2025-25790

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FoxCMS version 1.2.5

Description The issue is related to an arbitrary file upload vulnerability in the component controllerLocalTemplate.php. This vulnerability allows attackers to execute arbitrary code by uploading a crafted Zip file.

Recommendations For FoxCMS version 1.2.5, update to a version that fixes this issue to prevent arbitrary code execution.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-25790

Affected Products

Foxcms

PT-2025-8712 · Foxcms · Foxcms

CVE-2025-25790

Weakness Enumeration

Related Identifiers

Affected Products

References · 6