CVE-2025-15093

LOW EPSS 28.4%

Published Dec 26, 20256mo ago · Modified Jun 17, 20261w ago

2.1 CVSS 4.0

Low

Published Dec 26, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument redirectUrl results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

Base Score

2.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

28.4% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

Vendor	Product	Version	Range
sunkaifei	flycms	*	≤2019-12-20

References 5

github.com https://github.com/sunkaifei/FlyCms/
github.com https://github.com/sunkaifei/FlyCms/issues/15

ExploitIssue TrackingVendor Advisory
vuldb.com https://vuldb.com/?ctiid.338422

Permissions RequiredVDB Entry
vuldb.com https://vuldb.com/?id.338422

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.708996

Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.