CVE-2025-25520

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 25, 2025

Updated: Feb 26, 2025

CWE ID 89

Summary

CVE-2025-25520 is a newly identified vulnerability affecting Seacms version 13.3 and below. This issue involves SQL Injection in the admin_pay.php file, enabling unauthorized users to manipulate or extract sensitive data from the database. Successful exploitation of this vulnerability could result in unintended modifications to financial transactions or complete system compromise. It is highly recommended that users upgrade to the latest Seacms version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SeaCMS

Affected Vendors

Seacms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3IDN6Q
https://www.cve.org/CVERecord?id=CVE-2025-25520
https://nvd.nist.gov/vuln/detail/CVE-2025-25520

Back to Vulnerability Database