CVE-2025-7949

LOW EPSS 21.3%
Published Jul 22, 202511mo ago · Modified Jun 17, 20261w ago
2.0 CVSS 4.0
Low
Find Similar
Published Jul 22, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.

CVSS Details

Base Score
2.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
21.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-601

Affected Products 1

VendorProductVersionRange
publiccmspubliccms* <5.202506.b

References 5

  • github.com https://github.com/sanluan/PublicCMS/commit/c1e79f124e3f4c458315d908ed7dee06f9f12a76
    Patch
  • github.com https://github.com/sanluan/PublicCMS/issues/87
    ExploitIssue TrackingThird Party Advisory
  • vuldb.com https://vuldb.com/?ctiid.317095
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.317095
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.619278
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/sanluan/PublicCMS/commit/c1e79f124e3f4c458315d908ed7dee06f9f12a76
    Patch