CVE-2025-25141

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 7, 2025

CWE ID 98

Summary

CVE-2025-25141 is a critical vulnerability affecting the Fami Sales Popup software for PHP. This issue arises due to the improper handling of filename inclusions in the software. An attacker can exploit this vulnerability to include local files on the affected system, potentially leading to data leakage or arbitrary code execution. The vulnerability exists in all versions of Fami Sales Popup from the unknown through 2.0.0. Users are strongly advised to update their software to the latest version, or implement suitable mitigations, to prevent potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3BzO5b
https://www.cve.org/CVERecord?id=CVE-2025-25141
https://nvd.nist.gov/vuln/detail/CVE-2025-25141

Back to Vulnerability Database

CVE-2025-25141

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations