CVE-2025-12347 – This vulnerability in MaxSite CMS allows remote... (How to Fix)

Q: What is the severity of CVE-2025-12347?

CVE-2025-12347 has a CVSS score of 6.3 (MEDIUM). This vulnerability in MaxSite CMS allows remote attackers to upload arbitrary files without proper restrictions. It affects MaxSite CMS versions up to 109 through manipulation of file upload parameters in the admin plugins editor. Attackers can exploit this to upload malicious files to vulnerable systems.

📋 TL;DR

This vulnerability in MaxSite CMS allows remote attackers to upload arbitrary files without proper restrictions. It affects MaxSite CMS versions up to 109 through manipulation of file upload parameters in the admin plugins editor. Attackers can exploit this to upload malicious files to vulnerable systems.

💻 Affected Systems

Products:

MaxSite CMS

Versions: Up to version 109

Operating Systems: All platforms running MaxSite CMS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the admin plugins editor component; requires admin access or path traversal to vulnerable endpoint.

📦 What is this software?

Maxsite Cms by Max 3000

View all CVEs affecting Maxsite Cms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Webshell upload enabling persistent backdoor access and further system exploitation.

🟢

If Mitigated

File upload attempts blocked or logged with no successful exploitation.

🌐 Internet-Facing: HIGH - Attack can be executed remotely without authentication.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if system is accessible internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit details published online; requires admin access or ability to reach vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - vendor did not respond to disclosure

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to version 110+ if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict access to vulnerable endpoint

all

Block or restrict access to /application/maxsite/admin/plugins/editor_files/save-file-ajax.php

# Apache: RewriteRule ^application/maxsite/admin/plugins/editor_files/save-file-ajax\.php$ - [F]
# Nginx: location ~ /application/maxsite/admin/plugins/editor_files/save-file-ajax\.php { deny all; }

Implement file upload validation

all

Add server-side validation for file uploads including file type checking and size limits

# Add to save-file-ajax.php: $allowed_types = ['jpg', 'png', 'gif']; $max_size = 5242880;

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block file upload exploits
Disable the plugins editor functionality entirely if not needed

🔍 How to Verify

Check if Vulnerable:

Check if MaxSite CMS version is ≤109 and if /application/maxsite/admin/plugins/editor_files/save-file-ajax.php exists and is accessible.

Check Version:

Check MaxSite CMS configuration files or admin panel for version information.

Verify Fix Applied:

Test file upload functionality with malicious files; successful upload indicates vulnerability.

📡 Detection & Monitoring

Log Indicators:

POST requests to save-file-ajax.php with unusual file extensions
File uploads with executable extensions (.php, .exe, .sh)

Network Indicators:

Unusual file upload traffic to admin plugins endpoint
POST requests with file upload parameters

SIEM Query:

source="web_logs" AND uri="/application/maxsite/admin/plugins/editor_files/save-file-ajax.php" AND (method="POST" OR file_extension IN ("php", "exe", "sh"))

📊 Metadata

CVE ID: CVE-2025-12347

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-284

EPSS Score: 0.05% exploit probability (14.8th percentile)

Published: October 28, 2025

Last Updated: November 6, 2025

🔗 References

https://note-hxlab.wetolink.com/share/lIWZkTHQPSVh Exploit,Third Party Advisory
https://vuldb.com/?ctiid.330137 Permissions Required,VDB Entry
https://vuldb.com/?id.330137 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.674552 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12347, you might also want to check these: