EyouCMS arcpagelist Ajax.php unserialize deserialization_CVE-2025-15375

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Basic Information

ID CVE-2025-15375

Source VulDB

Published Dec 31, 2025 at 05:02

Affected Product

Vendor n/a

Product EyouCMS

Version 1.7.0

Affected Versions n/a EyouCMS 1.7.0
n/a EyouCMS 1.7.1
n/a EyouCMS 1.7.2
n/a EyouCMS 1.7.3
n/a EyouCMS 1.7.4
n/a EyouCMS 1.7.5
n/a EyouCMS 1.7.6
n/a EyouCMS 1.7.7

CWE Classification

CWE-502 CWE-20

References

{
    "lastseen": "",
    "description": "A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is \"[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8\".",
    "published": "2025-12-31T05:02:09.241Z",
    "modified": "2025-12-31T05:02:09.241Z",
    "type": "cve",
    "title": "EyouCMS arcpagelist Ajax.php unserialize deserialization",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.339083\nhttps://vuldb.com/?ctiid.339083\nhttps://vuldb.com/?submit.718481\nhttps://note-hxlab.wetolink.com/share/2wLgcbKe9Toh\nhttps://note-hxlab.wetolink.com/share/2wLgcbKe9Toh#-span--strong-proof-of-concept---strong---span-",
    "id": "CVE-2025-15375",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "n/a EyouCMS 1.7.0\nn/a EyouCMS 1.7.1\nn/a EyouCMS 1.7.2\nn/a EyouCMS 1.7.3\nn/a EyouCMS 1.7.4\nn/a EyouCMS 1.7.5\nn/a EyouCMS 1.7.6\nn/a EyouCMS 1.7.7",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EyouCMS",
    "version": "1.7.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}