CVE-2025-15375 | EyouCMS up to 1.7.7 arcpagelist Ajax.php unserialize attstr deserialization

A vulnerability, which was classified as critical, was found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization.

This vulnerability is tracked as CVE-2025-15375. The attack can be launched remotely. Moreover, an exploit is present.

The vendor is “[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8”.

CVE-2025-15375 | EyouCMS up to 1.7.7 arcpagelist Ajax.php unserialize attstr deserialization

Post correlati

CVE-2023-52378 | Huawei HarmonyOS/EMUI WindowManagerServices Module Privilege Escalation

CVE-2024-40117 | Solar-Log 1000 prior 2.8.2 Web Administration Server access control

CVE-2024-8076 | TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 setDiagnosisCfg buffer overflow

CVE-2025-6751 | Linksys E8450 up to 1.2.00.360516 HTTP POST Request portal.cgi set_device_language dut_language buffer overflow