CVE-2025-12923

Summary

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Affected Software

VendorProductVersion RangeStatus
liweiyiChestnutCMS1.5.0affected
liweiyiChestnutCMS1.5.1affected
liweiyiChestnutCMS1.5.2affected
liweiyiChestnutCMS1.5.3affected
liweiyiChestnutCMS1.5.4affected
liweiyiChestnutCMS1.5.5affected
liweiyiChestnutCMS1.5.6affected
liweiyiChestnutCMS1.5.7affected
liweiyiChestnutCMS1.5.8affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References