CVE-2025-65657

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-65657

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65657.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-65657

Aliases

GHSA-mcxq-54f4-mmx5

Published

2025-12-02T21:15:53.063Z

Modified

2025-12-21T06:43:54.116350Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

References

Affected packages

Git / github.com/liufee/cms

Affected ranges

Type: GIT
Repo: https://github.com/liufee/cms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a5198f0f34a0aedd87d9b2f8cb09d0a0a88bcd09

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1.0

0.1.1

0.1.2

0.1.3

1.*

1.0.0-alpha3

1.0.0alpha1

1.0.0alpha2

1.0.0beta1

1.0.0beta2

1.0.0beta3

1.0.0rc1

1.0.0rc2

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.4.1

2.0.5

2.0.5.1

2.0.6

2.0.7

2.0.7.1

2.0.8

2.0.8.1

2.1.0

2.1.0-beta

2.1.0-beta2

2.1.0.1

2.1.0.2

2.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65657.json"