CVE Catalog
CVE-2025-25789
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk1.19%
64th percentile - higher than 64% of all known CVEs
Summary
FoxCMS version 1.2.5 was found to contain a remote code execution (RCE) vulnerability in the index() method at \controller\Sitemap.php. An attacker can exploit this flaw to execute arbitrary code on the server.
Risk Assessment
The risk for the organization includes full server compromise, data theft, and potential lateral movement within the internal network.
Recommendation
It is recommended to immediately update FoxCMS to the latest available version and apply security patches provided by the vendor.
Original NVD description (English source)
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.

