PT-2025-8944 · Sucms · Sucms

Published: 2025-02-27 · Updated: 2025-03-04 · CVE-2025-25759

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SUCMS version 1.0

Description

The issue allows attackers to perform directory traversal and arbitrary file deletion via a crafted GET request. This is due to a problem in the component admin template.php.

Recommendations

For SUCMS version 1.0, consider restricting access to the admin template.php component until a patch is available. As a temporary workaround, monitor GET requests to prevent potential directory traversal and arbitrary file deletion attacks.

Fix

Path traversal

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2025-25759

Affected Products

Sucms