CVE-2025-8772 | Vinades NukeViet up to 4.5.06 Module index.php?language=en&nv=upload server-side request forgery

A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery.

The identification of this vulnerability is CVE-2025-8772. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8772 | Vinades NukeViet up to 4.5.06 Module index.php?language=en&nv=upload server-side request forgery

Post correlati

CVE-2024-5229 | Primary Addon for Elementor Plugin up to 1.5.5 on WordPress Pricing Table Widget cross site scripting

CVE-2024-6359 | OpenText ArcSight Intelligence up to 6.4.12 privileges management

CVE-2024-34142 | Adobe Experience Manager up to 6.5.20 cross site scripting (apsb24-28)

CVE-2024-24042 | Devan-Kerman ARRP up to 0.8.1 RuntimeResourcePackImpl dumpDirect path traversal