PT-2025-8714 · Seacms · Seacms
Ka7Arotto
·
Published
2025-02-26
·
Updated
2025-03-28
·
CVE-2025-25792
CVSS v3.1
4.4
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SeaCMS version 13.3
Description
A remote code execution issue was found in SeaCMS, allowing attackers to execute code remotely via the
isopen parameter at the "admin weixin.php" endpoint.Recommendations
For SeaCMS version 13.3, consider restricting access to the "admin weixin.php" endpoint until a patch is available, and avoid using the
isopen parameter in this endpoint to minimize the risk of exploitation.Exploit
Fix
RCE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seacms