CVE-2025-25516

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 25, 2025

Updated: Feb 26, 2025

CWE ID 89

Summary

CVE-2025-25516 is a newly disclosed vulnerability affecting Seacms versions up to 13.3. This issue allows an attacker to execute SQL injection attacks on the admin_paylog.php page. By inserting malicious SQL code in input fields, an attacker can access, modify, or delete sensitive data within the database. Successful exploitation could result in unauthorized access to financial records or system compromise. It is recommended that users of Seacms upgrade to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SeaCMS

Affected Vendors

Seacms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IDi5w
https://www.cve.org/CVERecord?id=CVE-2025-25516
https://nvd.nist.gov/vuln/detail/CVE-2025-25516

Back to Vulnerability Database