CVE-2025-12331

Summary

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Affected Software

VendorProductVersion RangeStatus
WillowCMS1.0affected
WillowCMS1.1affected
WillowCMS1.2affected
WillowCMS1.3affected
WillowCMS1.4.0affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References