CVE-2025-46359

Summary

A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.

Affected Software

VendorProductVersion RangeStatus
Alfasado Inc.PowerCMS6.7 and earlier (PowerCMS 6.x series)affected
Alfasado Inc.PowerCMS5.3 and earlier (PowerCMS 5.x series)affected
Alfasado Inc.PowerCMS4.6 and earlier (PowerCMS 4.x series)affected

Weaknesses

  • CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References