CVE-2025-12923 | liweiyi ChestnutCMS up to 1.5.8 /dev-api/common/download resourceDownload path path traversal

Inserito da Angelo Barbosa | Nov 9, 2025 | CVE

A vulnerability labeled as problematic has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal.

This vulnerability is tracked as CVE-2025-12923. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2025-12923 | liweiyi ChestnutCMS up to 1.5.8 /dev-api/common/download resourceDownload path path traversal

Post correlati

CVE-2024-47556 | Xerox FreeFlow Core up to 7.0.10 on Windows path traversal

CVE-2023-51200 | ROS2 Foxy Fitzroy default credentials

CVE-2025-0946 | itsourcecode Tailoring Management System 1.0 templatedelete.php id sql injection

CVE-2023-7157 | SourceCodester Free and Open Source Inventory Management System 1.0 sell_return_data.php columns[0][data] sql injection