CVE Catalog

CVE-2025-25789

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.19%

64th percentile - higher than 64% of all known CVEs

Summary

FoxCMS version 1.2.5 was found to contain a remote code execution (RCE) vulnerability in the index() method at \controller\Sitemap.php. An attacker can exploit this flaw to execute arbitrary code on the server.

Risk Assessment

The risk for the organization includes full server compromise, data theft, and potential lateral movement within the internal network.

Recommendation

It is recommended to immediately update FoxCMS to the latest available version and apply security patches provided by the vendor.

Original NVD description (English source)

FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS