CVE-2025-15093
📋 TL;DR
This CVE describes a cross-site scripting (XSS) vulnerability in sunkaifei FlyCMS's admin login component. Attackers can inject malicious scripts via the redirectUrl parameter, potentially compromising admin sessions. All FlyCMS deployments up to commit abbaa5a8daefb146ad4d61027035026b052cb414 are affected.
💻 Affected Systems
- sunkaifei FlyCMS
📦 What is this software?
Flycms by Sunkaifei
⚠️ Risk & Real-World Impact
Worst Case
Admin account takeover leading to complete system compromise, data theft, or website defacement.
Likely Case
Session hijacking of admin users, credential theft, or unauthorized administrative actions.
If Mitigated
Limited impact if proper input validation and output encoding are implemented.
🎯 Exploit Status
Exploit details are publicly available in GitHub issues. Attack requires admin login interaction but can be initiated remotely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None
Restart Required: No
Instructions:
No official patch available. Vendor has not responded to disclosure. Consider applying community fixes or migrating to alternative software.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side validation to sanitize the redirectUrl parameter
Modify src/main/java/com/flycms/web/system/IndexAdminController.java to validate redirectUrl against allowed domains
Content Security Policy
Implement CSP headers to restrict script execution
Add Content-Security-Policy header to web server configuration
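An added example of the server-side allowlist check described above (not FlyCMS's own code; the allowed host cms.example.org and the default target /admin/index are assumed values). Anything that is not a same-site path or an https URL on an allowed host falls back to the default, so javascript: and data: schemes, protocol-relative //host URLs and embedded markup never reach the redirect or the page:

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

public final class RedirectUrlValidator {
    // Hosts an admin may legitimately be sent to after login (assumed values).
    private static final Set<String> ALLOWED_HOSTS = Set.of("cms.example.org");
    // Fallback used whenever the supplied redirectUrl fails validation (assumed route).
    private static final String DEFAULT_TARGET = "/admin/index";

    /** Returns a safe redirect target for the given redirectUrl parameter. */
    public static String safeRedirect(String redirectUrl) {
        if (redirectUrl == null || redirectUrl.isBlank()) {
            return DEFAULT_TARGET;
        }
        // Whitespace, control characters, markup and quotes have no place in a
        // redirect target; reject before parsing so nothing is reflected verbatim.
        for (char c : redirectUrl.toCharArray()) {
            if (c <= 0x20 || c >= 0x7f || c == '<' || c == '>' || c == '"' || c == '\'') {
                return DEFAULT_TARGET;
            }
        }
        URI uri;
        try {
            uri = new URI(redirectUrl); // also rejects backslashes and other illegal characters
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        if (uri.getScheme() == null) {
            // Relative reference: accept only a single-slash local path.
            // "//evil.example/x" has no scheme but carries an authority, so it is refused.
            if (uri.getRawAuthority() == null && redirectUrl.startsWith("/")
                    && !redirectUrl.startsWith("//")) {
                return redirectUrl;
            }
            return DEFAULT_TARGET;
        }
        // Absolute URL: only https to an allowlisted host. getHost() returns the
        // real host, so "https://cms.example.org@evil.example/" is refused.
        if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
            return redirectUrl;
        }
        return DEFAULT_TARGET;
    }
}
```

In the login handler, pass request.getParameter("redirectUrl") through safeRedirect before calling sendRedirect or placing the value in a template; if the value is also rendered into HTML, it must still be output-encoded for that context.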
🧯 If You Can't Patch
- Restrict admin panel access to trusted IP addresses only
- Implement web application firewall (WAF) rules to block XSS payloads in redirectUrl parameter
🔍 How to Verify
Check if Vulnerable:
Test admin login with redirectUrl parameter containing XSS payload like <script>alert('test')</script>
Check Version:
Check the checked-out commit hash with git log --oneline -1; any commit up to abbaa5a8daefb146ad4d61027035026b052cb414 is affected
Verify Fix Applied:
Verify that XSS payloads in redirectUrl are properly sanitized or blocked
📡 Detection & Monitoring
Log Indicators:
- Unusual redirectUrl parameters in admin login requests
- JavaScript payloads in URL parameters
Network Indicators:
- HTTP requests with script tags in redirectUrl parameter to admin endpoints
SIEM Query:
web.url:*redirectUrl=*<script* OR web.url:*redirectUrl=*javascript:*