CVE-2025-4291: IdeaCMS saveUpload unrestricted upload
First published: Mon May 05 2025(Updated: )
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ideacms | <=1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4291?
CVE-2025-4291 has been classified as a critical severity vulnerability.
How do I fix CVE-2025-4291?
To fix CVE-2025-4291, upgrade to IdeaCMS version 1.7 or later, which addresses the unrestricted upload vulnerability.
What impact does CVE-2025-4291 have on IdeaCMS?
CVE-2025-4291 allows for unrestricted file uploads, leading to potential remote code execution.
Is CVE-2025-4291 actively being exploited?
Yes, CVE-2025-4291 has been disclosed publicly and may be actively exploited by attackers.
What function is vulnerable in CVE-2025-4291?
The vulnerability in CVE-2025-4291 specifically affects the function saveUpload.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/severity
- agent/author
- agent/tags
- agent/event
- vendor/ideacms
- canonical/ideacms