CVE-2025-1336: CmsEasy image_admin.php deleteimg_action path traversal
First published: Sun Feb 16 2025(Updated: )
A vulnerability has been found in CmsEasy 7.7.7.9 and classified as problematic. Affected by this vulnerability is the function deleteimg_action in the library lib/admin/image_admin.php. The manipulation of the argument imgname leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CmsEasy | ||
| CmsEasy | =7.7.7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1336?
CVE-2025-1336 is classified as problematic due to its potential for path traversal exploitation.
How do I fix CVE-2025-1336?
To address CVE-2025-1336, it is essential to update CmsEasy to a patched version that resolves the vulnerability.
What is the affected function in CVE-2025-1336?
The affected function in CVE-2025-1336 is deleteimg_action located in lib/admin/image_admin.php.
Which versions of CmsEasy are vulnerable to CVE-2025-1336?
CmsEasy version 7.7.7.9 is known to be vulnerable to CVE-2025-1336.
What kind of attack is possible with CVE-2025-1336?
CVE-2025-1336 allows for a path traversal attack through manipulation of the imgname argument.
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/references
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/source
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/cmseasy
- canonical/cmseasy
- version/cmseasy/7.7.7.9