CVE-2025-25793

5.1 MEDIUM

📋 TL;DR

SeaCMS v13.3 contains a remote code execution vulnerability in the admin_notify.php component that allows attackers to execute arbitrary code on affected systems. This affects all SeaCMS v13.3 installations with the vulnerable component accessible. Attackers could potentially gain full control of the web server.

💻 Affected Systems

Products:
  • SeaCMS
Versions: v13.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin_notify.php to be accessible, which is typically part of the admin interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, install malware, steal data, pivot to internal networks, and maintain persistent access.

🟠 Likely Case

Web server compromise leading to website defacement, data theft, cryptocurrency mining, or use as part of a botnet.

🟢 If Mitigated

Limited impact if proper network segmentation, web application firewalls, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the admin interface, so an attacker first needs stolen credentials or an authentication bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.seacms.com/

Restart Required: No

Instructions:

1. Check vendor website for security updates.
2. If patch available, download and apply according to vendor instructions.
3. Test functionality after patching.

🔧 Temporary Workarounds

Restrict admin_notify.php access (applies to: all)

Block access to the vulnerable component using web server configuration or firewall rules.

# Adjust /admin/ if the admin directory of the installation has a different name.

# Apache:
<Location /admin/admin_notify.php>
    Require all denied
</Location>

# Nginx:
location ~ /admin/admin_notify\.php {
    deny all;
}

Implement Web Application Firewall (applies to: all)

Deploy WAF rules to block RCE attempts targeting admin_notify.php.

🧯 If You Can't Patch

  • Isolate SeaCMS instance in a DMZ with strict inbound/outbound firewall rules
  • Implement multi-factor authentication for admin access and monitor for suspicious login attempts

🔍 How to Verify

Check if Vulnerable:

Check if SeaCMS version is 13.3 and admin_notify.php exists in the admin directory.

Check Version:

Check SeaCMS configuration files or admin panel for version information.

Verify Fix Applied:

Verify admin_notify.php is patched or inaccessible, and test with known exploit attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin_notify.php
  • System command execution in web logs
  • Unauthorized admin login attempts

Network Indicators:

  • Outbound connections from web server to suspicious IPs
  • Unusual traffic patterns to admin interface

SIEM Query:

source="web_logs" AND (url="*admin_notify.php*" AND (method="POST" OR params="*cmd*" OR params="*system*"))
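The same conditions as the query above, applied directly to a web server access log and combined with a check that the deny rule from the workaround is answering. This is an added example, not part of the advisory; it assumes Apache/Nginx combined log format, and the sample lines (documentation IP ranges, timestamps) are constructed.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD uri PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Terms taken from the SIEM query: script name, plus "cmd"/"system" in parameters.
TARGET = "admin_notify.php"
PARAM_TERMS = ("cmd", "system")

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2025:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2025:10:03:44 +0000] "POST /admin/admin_notify.php HTTP/1.1" 200 312 "-" "curl/8.5.0"
198.51.100.7 - - [12/Mar/2025:10:03:51 +0000] "GET /admin/admin_notify.php?cmd=test HTTP/1.1" 200 98 "-" "curl/8.5.0"
203.0.113.5 - - [12/Mar/2025:11:15:00 +0000] "POST /admin/admin_notify.php HTTP/1.1" 403 153 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2025:11:20:09 +0000] "GET /admin/admin_notify.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
malformed line that the parser must skip
"""

def find_hits(log_text):
    """Return one dict per request that matches the query's conditions."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        parts = urlsplit(m["uri"])
        if TARGET not in parts.path.lower():
            continue
        query = parts.query.lower()
        if m["method"] == "POST" or any(t in query for t in PARAM_TERMS):
            hits.append({
                "ip": m["ip"], "time": m["time"],
                "method": m["method"], "uri": m["uri"],
                # 403 means a deny rule answered; other statuses were not blocked
                "blocked": int(m["status"]) == 403,
            })
    return hits

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        state = "blocked" if h["blocked"] else "NOT BLOCKED"
        print(f'{h["time"]} {h["ip"]} {h["method"]} {h["uri"]} -> {state}')
```

Hits marked NOT BLOCKED after the workaround has been deployed mean the deny rule is not matching, for example because another location block takes precedence or the admin directory has a different name.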
