CVE-2025-12923
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| liweiyi | ChestnutCMS | 1.5.0 | affected |
| liweiyi | ChestnutCMS | 1.5.1 | affected |
| liweiyi | ChestnutCMS | 1.5.2 | affected |
| liweiyi | ChestnutCMS | 1.5.3 | affected |
| liweiyi | ChestnutCMS | 1.5.4 | affected |
| liweiyi | ChestnutCMS | 1.5.5 | affected |
| liweiyi | ChestnutCMS | 1.5.6 | affected |
| liweiyi | ChestnutCMS | 1.5.7 | affected |
| liweiyi | ChestnutCMS | 1.5.8 | affected |
Weaknesses
- CWE-22: Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.331643
- https://vuldb.com/?ctiid.331643
- https://vuldb.com/?submit.681032
- https://github.com/Huu1j/CVE/blob/main/chestnutcms%20Arbitrary%20File%20Read.md
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.