CVE-2025-28915

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Mar 11, 2025
CWE ID 434

Summary

CVE-2025-28915 is a file upload vulnerability affecting ThemeEgg ToolKit in versions through 1.2.9 (the first affected version is not specified). Hackers can exploit this vulnerability to upload a web shell, granting them unrestricted access to the web server. This poses a significant risk, as web shells can be used for various malicious activities, such as data theft or unauthorized system modification. The vulnerability occurs due to insufficient input validation, which allows users to upload files of dangerous types. It is crucial for users to update ThemeEgg ToolKit to the latest version or consider alternative solutions to mitigate this risk.


Affected Products

  • Toolkit Plugin

Affected Vendors

  • Templatesnext