Medium severity 4.3 · NVD Advisory · Published Mar 28, 2025 · Updated Jun 17, 2026
CVE-2025-2917
Description
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Affected products
- (no CPE) range: <=1.5.3
- (no CPE) range: 1.5.0
References
- r0ot.notion.site/ChestnutCMS-1-5-3-Arbitrary-file-read-vulnerability-1ae27d744f7f8074a169ca849e8a1d31 (nvd: Exploit, Third Party Advisory)
- vuldb.com (nvd: Third Party Advisory, VDB Entry)
- vuldb.com (nvd: Permissions Required, VDB Entry)