Unrated severityNVD Advisory· Published Nov 7, 2025· Updated Nov 10, 2025

CVE-2025-60574

Description

A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system.

Affected products

tQuadra/tQuadra CMSdescription
Packagist/Cmsllm-fuzzy
Range: =4.2.1117
Package: https://packagist.org/packages/typo3/cms

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000