liweiyi ChestnutCMS download resourceDownload path traversal_CVE-2025-12923

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-12923

Source VulDB

Published Nov 10, 2025 at 00:32

Affected Product

Vendor liweiyi

Product ChestnutCMS

Version 1.5.0

Affected Versions liweiyi ChestnutCMS 1.5.0
liweiyi ChestnutCMS 1.5.1
liweiyi ChestnutCMS 1.5.2
liweiyi ChestnutCMS 1.5.3
liweiyi ChestnutCMS 1.5.4
liweiyi ChestnutCMS 1.5.5
liweiyi ChestnutCMS 1.5.6
liweiyi ChestnutCMS 1.5.7
liweiyi ChestnutCMS 1.5.8

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-11-10T00:32:06.381Z",
    "modified": "2025-11-10T00:32:06.381Z",
    "type": "cve",
    "title": "liweiyi ChestnutCMS download resourceDownload path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.331643\nhttps://vuldb.com/?ctiid.331643\nhttps://vuldb.com/?submit.681032\nhttps://github.com/Huu1j/CVE/blob/main/chestnutcms%20Arbitrary%20File%20Read.md",
    "id": "CVE-2025-12923",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "liweiyi ChestnutCMS 1.5.0\nliweiyi ChestnutCMS 1.5.1\nliweiyi ChestnutCMS 1.5.2\nliweiyi ChestnutCMS 1.5.3\nliweiyi ChestnutCMS 1.5.4\nliweiyi ChestnutCMS 1.5.5\nliweiyi ChestnutCMS 1.5.6\nliweiyi ChestnutCMS 1.5.7\nliweiyi ChestnutCMS 1.5.8",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ChestnutCMS",
    "version": "1.5.0",
    "vendor": "liweiyi",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}