CVE-2025-14648

Summary

A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Affected Software

VendorProductVersion RangeStatus
n/aDedeBIZ6.5.0affected
n/aDedeBIZ6.5.1affected
n/aDedeBIZ6.5.2affected
n/aDedeBIZ6.5.3affected
n/aDedeBIZ6.5.4affected
n/aDedeBIZ6.5.5affected
n/aDedeBIZ6.5.6affected
n/aDedeBIZ6.5.7affected
n/aDedeBIZ6.5.8affected
n/aDedeBIZ6.5.9affected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References