CVE-2025-25519

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 25, 2025

Updated: Feb 26, 2025

CWE ID 89

Summary

CVE-2025-25519 is a newly discovered vulnerability affecting Seacms versions up to 13.3. Hackers can exploit this SQL Injection flaw in the admin_zyk.php file to gain unauthorized access to sensitive data or even take control of the affected system. Successful exploitation requires malicious input to be sent to the vulnerable application, posing a serious risk to organizations that have not yet applied the necessary patch. It is crucial for users of Seacms to upgrade to a patched version as soon as possible to mitigate this security threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SeaCMS

Affected Vendors

Seacms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IDxup
https://www.cve.org/CVERecord?id=CVE-2025-25519
https://nvd.nist.gov/vuln/detail/CVE-2025-25519

Back to Vulnerability Database