CRITICAL🇵🇱 Wersja polska

CVE-2025-7065

CVSS 10.0v4.0pub. 2025-09-30upd. 2025-11-26

Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability.

🤖 AI Analysis
How it works

The photo upload function in PAD CMS relies on a client-side controlled parameter that is responsible for verifying file upload permissions. An attacker can modify this parameter, completely bypassing the permission checking mechanism. As a result, it is possible to upload a file of any type and extension (e.g., webshell script) without any restrictions or authentication requirements. The uploaded file can then be executed on the server, leading to Remote Code Execution.

Impact

An attacker gains the ability to execute arbitrary code remotely on the server (RCE), which can lead to complete system compromise, data breach, installation of backdoors, or further lateral movement within the organization's network.

Mitigation & patch

The manufacturer will not release a patch – the product is in End-Of-Life status. It is recommended to immediately disable or isolate PAD CMS instances from the public network, migrate to an alternative supported solution, and implement access control mechanisms at the infrastructure level (e.g., firewall, WAF). Details available in references: https://cert.pl/posts/2025/09/CVE-2025-7063

Who is affected

All versions of PAD CMS by Widzialni in all three templates: www, bip, and ww+bip.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Widzialni Pad Cms

    APP
    Widzialni
    ≤ 1.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-7063CRITICAL10.0PL ✓ten sam produkt

Unrestricted File Upload w PAD CMS umożliwiający RCE

CVE-2025-8120CRITICAL10.0PL ✓ten sam produkt

Unrestricted File Upload z RCE w Widzialni PAD CMS (brak uwierzytelnienia)

CVE-2025-8122HIGH8.7ten sam produkt

Improper neutralization of input provided by an authorized user in article positioning functionality allows fo...

CVE-2025-8117HIGH8.7ten sam produkt

PAD CMS improperly initializes parameter used for password recovery, which allows to change password for any u...

CVE-2025-8121HIGH8.7ten sam produkt

Improper neutralization of input provided by an authorized user in article positioning functionality allows fo...