CVE-2025-1335: CmsEasy file_admin.php deleteimg_action path traversal
First published: Sun Feb 16 2025(Updated: )
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CmsEasy | ||
| CmsEasy | =7.7.7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1335?
CVE-2025-1335 is classified as problematic, indicating a significant risk to security.
How does the path traversal vulnerability in CVE-2025-1335 work?
The vulnerability in CVE-2025-1335 allows an attacker to manipulate the argument imgname to access restricted files via path traversal.
Can CVE-2025-1335 be exploited remotely?
Yes, CVE-2025-1335 can be exploited remotely, making it particularly dangerous.
What software versions are affected by CVE-2025-1335?
CVE-2025-1335 affects CmsEasy version 7.7.7.9 and potentially other versions in the same series.
How do I fix CVE-2025-1335?
To fix CVE-2025-1335, it is recommended to update CmsEasy to the latest version that addresses this vulnerability.
- agent/weakness
- agent/type
- agent/title
- agent/first-publish-date
- agent/references
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/source
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/cmseasy
- canonical/cmseasy
- version/cmseasy/7.7.7.9