CVE-2025-54757

Summary

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser.

Affected Software

VendorProductVersion RangeStatus
Alfasado Inc.PowerCMS6.7 and earlier (PowerCMS 6.x series)affected
Alfasado Inc.PowerCMS5.3 and earlier (PowerCMS 5.x series)affected
Alfasado Inc.PowerCMS4.6 and earlier (PowerCMS 4.x series)affected

Weaknesses

  • CWE-434: Unrestricted upload of file with dangerous type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References