CVE Catalog
CVE-2025-25790
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk0.83%
53th percentile - higher than 53% of all known CVEs
Summary
An arbitrary file upload vulnerability was found in FoxCMS v1.2.5 within the LocalTemplate.php component. Attackers can upload a crafted ZIP file, leading to arbitrary code execution on the server.
Risk Assessment
The organization risks full server compromise, data theft, content manipulation, and potential use of the server for further attacks.
Recommendation
Immediately update FoxCMS to the latest version and implement file type validation and restrictions on ZIP file uploads.
Original NVD description (English source)
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.

