Vulnerabilities

CVE-2025-15009 - liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload

2025-12-22 0 views admin

CVE ID : CVE-2025-15009 Published : Dec. 22, 2025, 3:15 a.m. | 15 minutes ago Description : A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15009

Severity

MEDIUM

Published

Dec. 22, 2025

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15009medium

CVE-2025-15009 - liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15007 - Tenda WH450 HTTP Request L7Im stack-based overflow

CVE-2025-59301 - Modbus/TCP Dos Vulnerability in DVP15MC11T

CVE-2025-15010 - Tenda WH450 SafeUrlFilter stack-based overflow

CVE-2025-15008 - Tenda WH450 HTTP Request L7Port stack-based overflow

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting