CVE-2025-15009 | liweiyi ChestnutCMS up to 1.5.8 Filename /dev-api/common/upload FilenameUtils.getExtension File unrestricted upload

A vulnerability was found in liweiyi ChestnutCMS up to 1.5.8. It has been declared as critical. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload.

The identification of this vulnerability is CVE-2025-15009. The attack may be launched remotely. Furthermore, there is an exploit available.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

CVE-2025-15009 | liweiyi ChestnutCMS up to 1.5.8 Filename /dev-api/common/upload FilenameUtils.getExtension File unrestricted upload

Post correlati

CVE-2023-5395 | Honeywell Experion Server Hostname stack-based overflow

CVE-2025-4215 | gorhill uBlock Origin up to 1.63.3b16 UI src/js/1p-filters.js currentStateChanged redos

CVE-2024-10581 | designinvento DirectoryPress Frontend Plugin up to 2.7.9 on WordPress dpfl_listingStatusChange cross-site request forgery

CVE-2020-10370 | BlueZ Spectra denial of service