CVE Details
Basic Information
| Title | CVE-2025-46359 |
|---|---|
| Type | cve |
| Published | 2025-07-31T07:22:46.914Z |
| Modified | 2025-07-31T07:22:46.914Z |
Product Information
| Vendor | Alfasado Inc. |
|---|---|
| Product | PowerCMS |
| Version | 6.7 and earlier (PowerCMS 6.x series) |
CVSS Information
| Base Score | 7.2 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | A path traversal vulnerability in PowerCMS’s backup and restore feature allows administrators to execute arbitrary code by restoring a malicious backup file. This could lead to unauthorized access and system compromise. |
|---|---|
| AI Severity | High |
| AI Vendor | Alfasado Inc. |
| AI Product | PowerCMS |
| AI Version | 6.7 and earlier (6.x series), 5.3 and earlier (5.x series), 4.6 and earlier (4.x series) |
Affected Products
- Alfasado Inc. PowerCMS 6.7 and earlier (PowerCMS 6.x series)
- Alfasado Inc. PowerCMS 5.3 and earlier (PowerCMS 5.x series)
- Alfasado Inc. PowerCMS 4.6 and earlier (PowerCMS 4.x series)
Additional Information
| CWE List | CWE-22 |
|---|---|
| Source | jpcert |
Description
A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.