CVE 9.8 CRITICAL

CVE-2025-65602_CVE-2025-65602

December 18, 2025 invoker category_cve
9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

AI Analysis

Template injection vulnerability allowing arbitrary code execution via crafted POST request

Basic Information

ID CVE-2025-65602
Source mitre
Published Dec 10, 2025 at 00:00
Modified Dec 18, 2025 at 20:31

Affected Product

Vendor n/a
Product n/a
Version n/a
Affected Versions n/a n/a n/a

CWE Classification

CWE-1336

AI Assessment

AI Score 9.8 / 10
AI Severity Critical
Vendor ChanCMS
Product ChanCMS
Version v3.3.4

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.