CVE-2025-41396

Summary

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

Affected Software

VendorProductVersion RangeStatus
Alfasado Inc.PowerCMS6.7 and earlier (PowerCMS 6.x series)affected
Alfasado Inc.PowerCMS5.3 and earlier (PowerCMS 5.x series)affected
Alfasado Inc.PowerCMS4.6 and earlier (PowerCMS 4.x series)affected

Weaknesses

  • CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References