CVE-2025-15264

7.3 HIGH

📋 TL;DR

This vulnerability allows attackers to perform Server-Side Request Forgery (SSRF) attacks against FeehiCMS installations up to version 2.1.1. By manipulating the 'src' parameter in the TimThumb component, attackers can force the server to make unauthorized requests to internal or external systems. This affects all FeehiCMS users running vulnerable versions with the TimThumb component accessible.

💻 Affected Systems

Products:
  • FeehiCMS
Versions: Up to and including 2.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires TimThumb component to be accessible via frontend/web/timthumb.php

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, or pivot to attack other internal systems by using the vulnerable server as a proxy.

🟠 Likely Case

Attackers scan for vulnerable instances and use them to probe internal networks, access metadata services, or interact with internal APIs.

🟢 If Mitigated

With proper network segmentation and egress filtering, impact is limited to the server itself making unauthorized outbound requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Remove TimThumb file (linux)

Delete or rename the vulnerable timthumb.php file to prevent exploitation. Run one of the two commands from the FeehiCMS installation directory:

# Either delete the file outright (preferred: nothing is left to serve) ...
rm frontend/web/timthumb.php
# ... or rename it so PHP no longer executes it. Note that a renamed copy may
# still be downloadable as a static file unless the web server blocks it.
mv frontend/web/timthumb.php frontend/web/timthumb.php.disabled

Block access via web server (all)

Configure the web server to deny access to timthumb.php

# Apache 2.4: add to .htaccess (or the site's <Directory> block)
<Files "timthumb.php">
    Require all denied
</Files>
# Apache 2.2 legacy syntax (needs mod_access_compat on 2.4):
# <Files "timthumb.php">
#     Order Allow,Deny
#     Deny from all
# </Files>
# Nginx: add inside the server block, before the generic "location ~ \.php$"
# block, because the first matching regex location wins.
location ~* /timthumb\.php$ {
    deny all;    # answers 403 to every client
}

🧯 If You Can't Patch

  • Implement strict egress filtering to limit outbound connections from the server
  • Deploy a WAF with SSRF protection rules to block malicious requests

🔍 How to Verify

Check if Vulnerable:

Check if file exists: ls -la frontend/web/timthumb.php

Check Version:

Check composer.json or version file in FeehiCMS installation directory

Verify Fix Applied:

Verify file is removed or inaccessible: curl -I https://yoursite.com/frontend/web/timthumb.php should return 404 or 403

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to timthumb.php with external URLs in src parameter
  • Outbound connections from web server to unexpected internal IPs

Network Indicators:

  • HTTP requests with src parameter containing internal IP addresses or domains
  • Web server making requests to metadata services (169.254.169.254)

SIEM Query:

web_access_logs | where url contains "timthumb.php" and url contains "src="
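The two log indicators above can be checked offline against exported access logs. The script below is an added example (not part of this advisory, of FeehiCMS, or of any SIEM product): it parses combined-format web server log lines, picks out requests to timthumb.php that carry a src parameter, and classifies each src value by what the server would be asked to fetch. The sample log lines are constructed, and the "metadata-service" / "internal-target" / "external-url" categories and their severities are this example's own assumptions, chosen to mirror the indicators listed above.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample lines in Apache/Nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:12:00:01 +0000] "GET /frontend/web/timthumb.php?src=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2025:12:00:02 +0000] "GET /frontend/web/timthumb.php?src=http%3A%2F%2F10.0.0.5%3A8080%2Fadmin HTTP/1.1" 200 233 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2025:12:00:03 +0000] "GET /frontend/web/timthumb.php?src=uploads/logo.png&w=100 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:12:00:04 +0000] "GET /frontend/web/timthumb.php?src=http://cdn.example.org/banner.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

# client, timestamp, method, request target and status from a combined-format line
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed severity per category; "local-path" (an ordinary site-relative image) is not reported.
SEVERITY = {"metadata-service": "high", "internal-target": "high", "external-url": "medium"}

METADATA_IP = ipaddress.ip_address("169.254.169.254")


def classify_src(src: str) -> str:
    """Classify a TimThumb 'src' value by the destination the server would fetch from."""
    value = src.strip()
    if "://" not in value and not value.startswith("//"):
        return "local-path"                       # relative path inside the site
    # scheme-relative "//host/..." is still an outbound fetch; give it a scheme so urlparse sees the host
    parsed = urlparse(value if "://" in value else "http:" + value)
    host = parsed.hostname or ""
    if host in ("localhost", "localhost.localdomain"):
        return "internal-target"
    try:
        addr = ipaddress.ip_address(host)         # handles IPv4 and bracketed IPv6 literals
    except ValueError:
        return "external-url"                     # a hostname: outbound request to some external site
    if addr == METADATA_IP:
        return "metadata-service"                 # cloud instance metadata endpoint
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified):
        return "internal-target"
    return "external-url"


def scan_log(text: str) -> list:
    """Return one finding per timthumb.php request whose src points off the local site."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not path.lower().endswith("/timthumb.php"):
            continue
        # parse_qs also undoes percent-encoding, so encoded URLs are classified correctly
        for src in parse_qs(query).get("src", []):
            kind = classify_src(src)
            if kind in SEVERITY:
                findings.append({
                    "client": m.group("client"), "ts": m.group("ts"),
                    "status": m.group("status"), "src": src,
                    "kind": kind, "severity": SEVERITY[kind],
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity'].upper():6} {f['ts']} {f['client']} "
              f"kind={f['kind']} status={f['status']} src={f['src']}")
```

On the constructed sample the script reports three requests: the metadata-service probe, the percent-encoded fetch of an internal 10.0.0.0/8 host, and the fetch of an external hostname; the site-relative image request and the unrelated index.php request are ignored. Because a status of 200 on an internal-target or metadata-service finding suggests the fetch succeeded, those are the lines to correlate first with the outbound-connection indicator above.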
