CVE-2025-14532

Summary

DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution.

This issue was fixed in versions above 5.0.

Affected Software

VendorProductVersion RangeStatus
Studio FabrykaDobryCMS1.0 <= 1.*affected
Studio FabrykaDobryCMS2.0 <= 2.*affected
Studio FabrykaDobryCMS5.0affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References