CVE Catalog

CVE-2025-25790

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.83%

53th percentile - higher than 53% of all known CVEs

Summary

An arbitrary file upload vulnerability was found in FoxCMS v1.2.5 within the LocalTemplate.php component. Attackers can upload a crafted ZIP file, leading to arbitrary code execution on the server.

Risk Assessment

The organization risks full server compromise, data theft, content manipulation, and potential use of the server for further attacks.

Recommendation

Immediately update FoxCMS to the latest version and implement file type validation and restrictions on ZIP file uploads.

Original NVD description (English source)

An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS