CVE-2025-15422

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions EmpireSoft EmpireCMS versions up to 8.0

Description A security issue exists in EmpireSoft EmpireCMS related to the IP Address Handler component. The issue resides in the egetip function within the e/class/connect.php file. This flaw results in a failure of protection mechanisms. The attack can be initiated remotely. The exploit for this issue has been published. The vendor was notified but did not respond.

Recommendations Versions prior to 8.0 should be updated. As a temporary workaround, consider restricting access to the e/class/connect.php file to minimize the risk of exploitation.

Exploit

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

CVE-2025-15422

Affected Products

Empirecms

CVE-2025-15422

Weakness Enumeration

Related Identifiers

Affected Products

References · 12