CVE Details
Basic Information
| Title | ChestnutCMS API Endpoint exec deserialization |
|---|---|
| Type | cve |
| Published | 2025-06-04T02:00:18.913Z |
| Last Seen | |
Product Information
| Vendor | n/a |
|---|---|
| Product | ChestnutCMS |
| Version | 15.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A critical vulnerability in ChestnutCMS allows remote attackers to execute arbitrary code via deserialization in the API Endpoint. This affects versions up to 15.1 and can be exploited remotely. The vulnerability is publicly disclosed and may be actively exploited. |
|---|---|
| AI Severity | Critical |
| Vendor | ChestnutCMS |
| Product | ChestnutCMS |
| Affected Version | up to 15.1 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-502, CWE-20 |
| Bulletin Family | |
| Source Data | n/a ChestnutCMS 15.0; n/a ChestnutCMS 15.1 |
Description
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.