VYPR
Medium severity6.3NVD Advisory· Published Dec 31, 2025· Updated Apr 29, 2026

CVE-2025-15375

CVE-2025-15375

Description

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Eyoucms/Eyoucms2 versions
    cpe:2.3:a:eyoucms:eyoucms:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:eyoucms:eyoucms:*:*:*:*:*:*:*:*range: <1.7.8
    • (no CPE)range: <=1.7.7

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.