CVE-2025-15264

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-15264

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15264.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-15264

Published

2025-12-30T19:15:44.230Z

Modified

2026-03-14T15:03:52.907266Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/liufee/cms

Affected ranges

Type

GIT

Repo

https://github.com/liufee/cms

Events

Introduced

Last affected

a5198f0f34a0aedd87d9b2f8cb09d0a0a88bcd09

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1"
        }
    ]
}

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.3

1.*

1.0.0-alpha3

1.0.0alpha1

1.0.0alpha2

1.0.0beta1

1.0.0beta2

1.0.0beta3

1.0.0rc1

1.0.0rc2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.4.1

2.0.5

2.0.5.1

2.0.6

2.0.7

2.0.7.1

2.0.8

2.0.8.1

2.1.0

2.1.0-beta

2.1.0-beta2

2.1.0.1

2.1.0.2

2.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15264.json"