CVE 9.3 CRITICAL

Sunnet｜WMPro – Arbitrary File Upload_CVE-2025-15226

December 29, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability in WMPro, allowing unauthenticated remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2025-15226

Source twcert

Published Dec 29, 2025 at 06:39

Affected Product

Vendor Sunnet

Product WMPro

Version 5.0

Affected Versions Sunnet WMPro 5.0

CWE Classification

CWE-434

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Sunnet

Product WMPro

Version 5.0

References

{
    "lastseen": "",
    "description": "WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2025-12-29T06:39:27.426Z",
    "modified": "2025-12-29T06:39:27.426Z",
    "type": "cve",
    "title": "Sunnet\uff5cWMPro - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10602-c1c69-1.html\nhttps://www.twcert.org.tw/en/cp-139-10603-67149-2.html",
    "id": "CVE-2025-15226",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Sunnet WMPro 5.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WMPro",
    "version": "5.0",
    "vendor": "Sunnet",
    "ai_description": "Arbitrary File Upload vulnerability in WMPro, allowing unauthenticated remote attackers to upload and execute web shell backdoors",
    "ai_severity": "Critical",
    "ai_vendor": "Sunnet",
    "ai_product": "WMPro",
    "ai_version": "5.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply