CVE-2025-25361
📋 TL;DR
This vulnerability allows attackers to upload malicious SVG or XML files to PublicCMS v4.0.202406, potentially leading to remote code execution. Attackers can exploit the /cms/CmsWebFileAdminController.java component to upload arbitrary files, which could compromise the entire system. Organizations using PublicCMS v4.0.202406 are affected.
💻 Affected Systems
- PublicCMS
📦 What is this software?
Publiccms by Publiccms
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over the server, data exfiltration, and lateral movement to other systems.
Likely Case
Webshell deployment leading to data theft, defacement, or use as a pivot point for further attacks.
If Mitigated
File upload blocked or sanitized, preventing malicious file execution while maintaining normal functionality.
🎯 Exploit Status
Exploitation requires file upload access to the vulnerable endpoint; authentication requirements depend on configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
Check for vendor updates; if unavailable, apply workarounds or upgrade to a newer version if patched.
🔧 Temporary Workarounds
Restrict File Upload Types
Configure the web server or application to block SVG and XML file uploads to the vulnerable endpoint.

```apache
# Example for Apache: add to .htaccess
# Note: this denies requests for files whose names end in .svg/.xml (i.e. it stops
# already-uploaded files from being served); it does not inspect upload bodies.
# The Order/Deny directives are Apache 2.2 syntax (mod_access_compat on 2.4);
# the native 2.4 equivalent is "Require all denied".
<FilesMatch "\.(svg|xml)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
```

```nginx
# Example for Nginx: add to the server block
# Same caveat: this blocks requests for .svg/.xml paths, not the upload itself.
location ~* \.(svg|xml)$ {
    deny all;
}
```
Disable Vulnerable Component
Remove or restrict access to /cms/CmsWebFileAdminController.java if not required.

```shell
# Rename or move the vulnerable file (replace /path/to with the actual location)
# Note: this is the Java source file; in a packaged deployment the compiled
# class is what runs, so confirm the change actually affects the running app.
mv /path/to/CmsWebFileAdminController.java /path/to/CmsWebFileAdminController.java.disabled

# Or set restrictive permissions
chmod 000 /path/to/CmsWebFileAdminController.java
```
🧯 If You Can't Patch
- Implement strict input validation and sanitization for file uploads, rejecting SVG and XML files.
- Deploy a Web Application Firewall (WAF) with rules to block malicious file uploads and monitor for exploitation attempts.
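As an added defensive example (not PublicCMS code and not part of the advisory), the following Python check rejects an upload when either its file name carries an svg/xml extension anywhere in its suffix chain or its leading bytes identify XML/SVG content, so a renamed SVG is still caught. Function and pattern names are assumptions for illustration.

```python
import re

# Hypothetical upload validator (not PublicCMS code): reject SVG/XML by
# extension OR by content, so that renaming a file cannot bypass the check.

BLOCKED_EXTENSIONS = {"svg", "svgz", "xml"}

# Content markers that identify XML/SVG regardless of the claimed file name.
_XML_PROLOG = re.compile(rb"^\s*<\?xml\b", re.IGNORECASE)
_SVG_MARKERS = re.compile(rb"<\s*(svg|!DOCTYPE\s+svg)\b", re.IGNORECASE)


def _strip_bom(data: bytes) -> bytes:
    """Drop a UTF-8/UTF-16 byte-order mark so the markers are visible."""
    for bom in (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff"):
        if data.startswith(bom):
            return data[len(bom):]
    return data


def has_blocked_extension(filename: str) -> bool:
    """True if ANY dotted suffix is svg/xml, so 'logo.svg.png' is also rejected."""
    suffixes = filename.lower().split(".")[1:]
    return any(s in BLOCKED_EXTENSIONS for s in suffixes)


def looks_like_xml_or_svg(data: bytes, sniff_len: int = 512) -> bool:
    """Sniff the first bytes for an XML prolog or an SVG root/doctype."""
    head = _strip_bom(data[:sniff_len])
    # UTF-16 encoded text: remove NUL bytes so the ASCII markers match.
    if b"\x00" in head:
        head = head.replace(b"\x00", b"")
    # Plain XML with no prolog is not caught here; the extension check covers it.
    return bool(_XML_PROLOG.search(head) or _SVG_MARKERS.search(head))


def upload_allowed(filename: str, data: bytes) -> tuple:
    """Return (allowed, reason) for an upload; both checks must pass."""
    if has_blocked_extension(filename):
        return False, "blocked extension"
    if looks_like_xml_or_svg(data):
        return False, "content is XML/SVG"
    return True, "ok"
```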
🔍 How to Verify
Check if Vulnerable:
Check if PublicCMS version is v4.0.202406 and the /cms/CmsWebFileAdminController.java endpoint is accessible for file uploads.
Check Version:
Check application configuration files or admin panel for version information; no standard command available.
Verify Fix Applied:
Test file upload functionality with SVG/XML files; successful upload should be blocked or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /cms/CmsWebFileAdminController.java, especially SVG or XML files.
- Increased error logs related to file processing or execution attempts.
Network Indicators:
- HTTP POST requests to the vulnerable endpoint with file uploads.
- Unusual outbound connections from the server post-upload.
SIEM Query:
Example:

```
source="web_logs" AND (uri="/cms/CmsWebFileAdminController.java" AND method="POST" AND (file_extension="svg" OR file_extension="xml"))
```