VYPR
High severity7.3NVD Advisory· Published Dec 30, 2025· Updated Apr 29, 2026

CVE-2025-15264

CVE-2025-15264

Description

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

2
  • Feehi/Feehicms2 versions
    cpe:2.3:a:feehi:feehicms:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:feehi:feehicms:*:*:*:*:*:*:*:*range: <=2.1.1
    • (no CPE)range: <=2.1.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.