CVE Catalog

CVE-2025-25784

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.84%

53th percentile - higher than 53% of all known CVEs

Summary

An arbitrary file upload vulnerability in Jizhicms v2.5.4 component TemplateController.php allows attackers to execute arbitrary code by uploading a crafted ZIP file.

Risk Assessment

The risk includes full server compromise, data theft, and potential lateral movement within the internal network.

Recommendation

Immediately update Jizhicms to the latest version and implement file type validation and ZIP upload restrictions.

Original NVD description (English source)

An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS