CVE-2025-1106
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Feb 7, 2025
CWE ID 22
Summary
CVE-2025-1106 is a critical vulnerability affecting CmsEasy version 7.7.7.9. The issue lies in the deletedir_action/restore_action function of lib/admin/database_admin.php. Attackers can manipulate this function to perform path traversal (CWE-22), enabling them to access and possibly modify sensitive files. The vulnerability can be exploited remotely, making it a significant security risk, and the exploit has been made public, which increases the threat level. Although the issue was disclosed to the vendor early, the vendor has provided no response or patch.