CVE-2025-1186
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Published: Feb 12, 2025
Updated: Feb 18, 2025
CWE ID 502
CWE ID 20
Summary
CVE-2025-1186 is a critical vulnerability affecting dayrui XunRuiCMS versions up to 4.6.4. The flaw is in the /Control/Api/Api.php file, in the handling of the 'thumb' argument: manipulating this argument leads to deserialization, and the attack can be initiated remotely. The exploit has been disclosed to the public, which increases the risk of attacks.
Affected Products
- Xunruicms
Affected Vendors
- Xunruicms