CVE 8.8 HIGH

CVE-2025-56704_CVE-2025-56704

December 11, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.

AI Analysis

Arbitrary file upload vulnerability in LeptonCMS version 7.3.0 due to lack of proper validation for uploaded files, allowing authenticated attackers to execute arbitrary code.

Basic Information

ID CVE-2025-56704

Source mitre

Published Dec 9, 2025 at 00:00

Modified Dec 11, 2025 at 19:56

Affected Product

Vendor Lepton

Product LeptonCMS

Version 7.3.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Lepton

Product LeptonCMS

Version 7.3.0

References

{
    "lastseen": "",
    "description": "LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.",
    "published": "2025-12-09T00:00:00.000Z",
    "modified": "2025-12-11T19:56:34.216Z",
    "type": "cve",
    "title": "CVE-2025-56704",
    "source": "mitre",
    "references": "http://lepton.com\nhttps://github.com/Kayi626/Vulns/blob/UserAccount/LEPTON_CMS_7.3.0_File_Upload_A.pdf\nhttps://github.com/Kayi626/Vulns/blob/UserAccount/LEPTON_CMS_7.3.0_File_Upload_B.pdf\nhttps://github.com/Kayi626/Vulns/blob/UserAccount/LEPTON_CMS_7.3.0_File_Upload_C.pdf",
    "id": "CVE-2025-56704",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LeptonCMS",
    "version": "7.3.0",
    "vendor": "Lepton",
    "ai_description": "Arbitrary file upload vulnerability in LeptonCMS version 7.3.0 due to lack of proper validation for uploaded files, allowing authenticated attackers to execute arbitrary code.",
    "ai_severity": "High",
    "ai_vendor": "Lepton",
    "ai_product": "LeptonCMS",
    "ai_version": "7.3.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply