Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 18, 2025

CVE-2025-67174

Description

A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component

Affected products

Handylulu/RitecmsOSV
Range: V3.1.0, v3.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/handylulu/RiteCMS/blob/master/admin.phpmitre
github.com/handylulu/RiteCMS/blob/master/cms/subtemplates/settings.inc.tplmitre
github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67174mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000