CVE Catalog

CVE-2025-29287

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.63%

46th percentile - higher than 46% of all known CVEs

Summary

An arbitrary file upload vulnerability was found in the ueditor component of MCMS version 5.4.3. Attackers can exploit this flaw to execute arbitrary code by uploading a crafted file.

Risk Assessment

The risk for the organization includes remote code execution by an unauthenticated attacker, potentially leading to server compromise and data theft.

Recommendation

Immediately update MCMS to the latest version and implement file type validation mechanisms in the ueditor component.

Original NVD description (English source)

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS