CRITICAL🇵🇱 Wersja polska

CVE-2025-65602

CVSS 9.8v3.1pub. 2025-12-10upd. 2025-12-18

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

🤖 AI Analysis
How it works

An attacker sends a crafted HTTP POST request to the /vip/v1/file/save endpoint, injecting a malicious template (template injection). The server-side template processing mechanism interprets the transmitted data as executable code, leading to the execution of arbitrary commands in the context of the server process. The vulnerability does not require any authentication or user interaction, making it trivial to exploit remotely.

Impact

An attacker can gain full control over the system — read, modify or delete data, and completely compromise the server. Lateral movement through the infrastructure or backdoor installation is also possible.

Mitigation & patch

Patches available from the vendor should be applied according to references. Until the fix is deployed, it is recommended to block access to the /vip/v1/file/save endpoint at the firewall or reverse proxy level and restrict application access exclusively to trusted networks.

Who is affected

ChanCMS version 3.3.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Chancms

    APP
    Chancms
    3.3.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-11905LOW2.1ten sam produkt

W systemie yanyutao0402 ChanCMS do wersji 3.3.2 odkryto podatność wpływającą na funkcję getArticle w pliku app...

CVE-2025-11903LOW2.1ten sam produkt

W yanyutao0402 ChanCMS do wersji 3.3.2 odkryto lukę bezpieczeństwa. Problem występuje w funkcji update pliku /...

CVE-2025-11902LOW2.1ten sam produkt

Wykryta została podatność w yanyutao0402 ChanCMS do wersji 3.3.2. Podatność dotyczy funkcji findField w pliku ...

CVE-2025-11904LOW2.1ten sam produkt

Odkryto podatność w yanyutao0402 ChanCMS do wersji 3.3.2, która dotyczy funkcji hasUse w pliku /cms/model/hasU...

CVE-2025-10211LOW2.1ten sam produkt

W oprogramowaniu yanyutao0402 ChanCMS w wersji 3.3.0 wykryto lukę bezpieczeństwa. Podatny element to funkcja C...