Wuro vulnerability wey an yi classify sey kura an gano shi a cikin EyouCMS har 1.7.7. Gaskiya, saveRemote na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, application/function.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi kura hakki ndiyam. CWE shidin ka a yi bayani matsala sai ya kai CWE-918. Gaskiya, laifi an fitar da shi 12/30/2025. Advisory ɗin ana rabawa don saukewa a note-hxlab.wetolink.com.
Wannan rauni ana sayar da shi da suna CVE-2025-15373. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam.
Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a note-hxlab.wetolink.com. Kama 0-day, an ndiyam a wuro be $0-$5k.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
3 Goyarwa · 96 Datenpunkte
| Furɗe | Súgá
12/30/2025 19:51 | Gargadi 1/2
12/31/2025 19:14 | Gargadi 2/2
01/01/2026 07:40 |
|---|
| software_name | EyouCMS | EyouCMS | EyouCMS |
| software_version | <=1.7.7 | <=1.7.7 | <=1.7.7 |
| software_file | application/function.php | application/function.php | application/function.php |
| software_function | saveRemote | saveRemote | saveRemote |
| vulnerability_cwe | CWE-918 (kura hakki ndiyam) | CWE-918 (kura hakki ndiyam) | CWE-918 (kura hakki ndiyam) |
| vulnerability_risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rc | C | C | C |
| advisory_url | https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK | https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK | https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK |
| exploit_availability | 1 | 1 | 1 |
| exploit_publicity | 1 | 1 | 1 |
| exploit_url | https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span- | https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span- | https://note-hxlab.wetolink.com/share/DeUFyoSjsPPK#-span--strong-proof-of-concept---strong---span- |
| source_cve | CVE-2025-15373 | CVE-2025-15373 | CVE-2025-15373 |
| cna_responsible | VulDB | VulDB | VulDB |
| response_summary | The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rc | C | C | C |
| cvss4_vuldb_av | N | N | N |
| cvss4_vuldb_ac | L | L | L |
| cvss4_vuldb_pr | L | L | L |
| cvss4_vuldb_ui | N | N | N |
| cvss4_vuldb_vc | L | L | L |
| cvss4_vuldb_vi | L | L | L |
| cvss4_vuldb_va | L | L | L |
| cvss4_vuldb_e | P | P | P |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss3_vuldb_rl | X | X | X |
| cvss4_vuldb_at | N | N | N |
| cvss4_vuldb_sc | N | N | N |
| cvss4_vuldb_si | N | N | N |
| cvss4_vuldb_sa | N | N | N |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss3_meta_basescore | 6.3 | 6.3 | 5.6 |
| cvss3_meta_tempscore | 6.0 | 6.1 | 5.5 |
| cvss4_vuldb_bscore | 5.3 | 5.3 | 5.3 |
| cvss4_vuldb_btscore | 2.1 | 2.1 | 2.1 |
| advisory_date | 1767049200 (12/30/2025) | 1767049200 (12/30/2025) | 1767049200 (12/30/2025) |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_nvd_summary | | A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". | A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8". |
| cvss4_cna_av | | N | N |
| cvss4_cna_ac | | L | L |
| cvss4_cna_at | | N | N |
| cvss4_cna_pr | | L | L |
| cvss4_cna_ui | | N | N |
| cvss4_cna_vc | | L | L |
| cvss4_cna_vi | | L | L |
| cvss4_cna_va | | L | L |
| cvss4_cna_sc | | N | N |
| cvss4_cna_si | | N | N |
| cvss4_cna_sa | | N | N |
| cvss4_cna_bscore | | 5.3 | 5.3 |
| cvss3_cna_av | | N | N |
| cvss3_cna_ac | | L | L |
| cvss3_cna_pr | | L | L |
| cvss3_cna_ui | | N | N |
| cvss3_cna_s | | U | U |
| cvss3_cna_c | | L | L |
| cvss3_cna_i | | L | L |
| cvss3_cna_a | | L | L |
| cvss3_cna_basescore | | 6.3 | 6.3 |
| cvss2_cna_av | | N | N |
| cvss2_cna_ac | | L | L |
| cvss2_cna_au | | S | S |
| cvss2_cna_ci | | P | P |
| cvss2_cna_ii | | P | P |
| cvss2_cna_ai | | P | P |
| cvss2_cna_basescore | | 6.5 | 6.5 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | N |
| cvss3_nvd_i | | | L |
| cvss3_nvd_a | | | N |
| cvss3_nvd_basescore | | | 4.3 |