High severity7.5NVD Advisory· Published Feb 18, 2025· Updated Jun 17, 2026
CVE-2025-25224
CVE-2025-25224
Description
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <5.3.3M (MySQL), <5.3.3L (SQLite)
- Range: prior to 5.3.3L (SQLite version)
Patches
Vulnerability mechanics
References
3- jvn.jp/en/jp/JVN26024080/nvdThird Party Advisory
- www.luxsoft.eunvdProduct
- www.luxsoft.eu/lcforum/viewtopic.phpnvdRelease Notes
News mentions
0No linked articles in our index yet.