CVE-2025-41396_CVE-2025-41396

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Description

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

Basic Information

ID CVE-2025-41396

Source jpcert

Published Jul 31, 2025 at 07:24

Modified Jul 31, 2025 at 15:14

Affected Product

Vendor Alfasado Inc.

Product PowerCMS

Version 6.7 and earlier (PowerCMS 6.x series)

Affected Versions Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)
Alfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)
Alfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.",
    "published": "2025-07-31T07:24:20.561Z",
    "modified": "2025-07-31T15:14:06.812Z",
    "type": "cve",
    "title": "CVE-2025-41396",
    "source": "jpcert",
    "references": "https://www.powercms.jp/news/release-powercms-671-531-461.html\nhttps://jvn.jp/en/vu/JVNVU93412964/",
    "id": "CVE-2025-41396",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)\nAlfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)\nAlfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerCMS",
    "version": "6.7 and earlier (PowerCMS 6.x series)",
    "vendor": "Alfasado Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}