CVE Catalog
CVE-2025-29287
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.63%
46th percentile - higher than 46% of all known CVEs
Summary
An arbitrary file upload vulnerability was found in the ueditor component of MCMS version 5.4.3. Attackers can exploit this flaw to execute arbitrary code by uploading a crafted file.
Risk Assessment
The risk for the organization includes remote code execution by an unauthenticated attacker, potentially leading to server compromise and data theft.
Recommendation
Immediately update MCMS to the latest version and implement file type validation mechanisms in the ueditor component.
Original NVD description (English source)
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

