CVE-2025-1556

Published: Feb 22, 2025Modified: Oct 1, 2025

5.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Westboy: Cicadascms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Westboy Cicadascms	Version 1.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

https://github.com/FightingLzn9/vul/blob/main/CicadasCMS(2).md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.296507

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.296507

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.499520

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.