High severity7.3NVD Advisory· Published Dec 30, 2025· Updated Apr 29, 2026
CVE-2025-15264
CVE-2025-15264
Description
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.