CVE-2025-3317

Summary

CVE-2025-3317 is a newly disclosed vulnerability affecting the fumiao version of Opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. The vulnerability lies in an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. An attacker can exploit this path traversal vulnerability by manipulating the argument path, potentially gaining unauthorized access to sensitive data or even executing malicious code. This exploit has been made public, increasing the risk of attacks. Since the product utilizes a rolling release for continuous delivery, no version with the fix is currently available, leaving users vulnerable until an update is released.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.