A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload.

This vulnerability is traded as CVE-2025-4291. It is possible to launch the attack remotely. Furthermore, there is an exploit available.