CVE-2025-2639: JIZHICMS Article release.html improper authorization
First published: Sun Mar 23 2025(Updated: )
A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jizhicms | <=1.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2639?
CVE-2025-2639 is classified as problematic due to its impact on authorization mechanisms within JIZHICMS.
How do I fix CVE-2025-2639?
To fix CVE-2025-2639, update JIZHICMS to a version later than 1.7.0 which addresses this vulnerability.
What systems are affected by CVE-2025-2639?
CVE-2025-2639 affects JIZHICMS versions up to and including 1.7.0.
What kind of attack can exploit CVE-2025-2639?
CVE-2025-2639 can be exploited through remote attacks that manipulate improper authorization.
What component of JIZHICMS is vulnerable in CVE-2025-2639?
The vulnerable component in CVE-2025-2639 is the Article Handler found in the /user/release.html file.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/jizhicms
- canonical/jizhicms