CVE Catalog

CVE-2025-60729

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

PerfreeBlog version 4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function. It allows an attacker to read arbitrary files on the server.

Risk Assessment

The risk involves potential leakage of sensitive data such as configuration files, passwords, or source code, which could lead to further attacks on the system.

Recommendation

It is recommended to immediately update PerfreeBlog to the latest version that fixes this vulnerability and restrict access to the application to trusted users only.

Original NVD description (English source)

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

Vulnerability data from NVD (NIST) · CISA KEV · EPSS