CVE-2025-25799

6.0 MEDIUM

📋 TL;DR

SeaCMS 13.3 contains an arbitrary file read vulnerability in the admin_safe.php file that lets an attacker with access to the admin panel read files on the server that the web server user can open. This affects all SeaCMS 13.3 installations with default configurations. Attackers can access configuration files, database credentials, and other sensitive data, so a weak or reused admin password turns this into a full disclosure of the application's secrets.

💻 Affected Systems

Products:
  • SeaCMS
Versions: 13.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin panel access, but default installations may have weak credentials.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive configuration files containing database credentials, followed by database takeover and potential lateral movement.

🟠

Likely Case

Exposure of sensitive configuration files, database credentials, and application secrets leading to data breaches and unauthorized access.

🟢

If Mitigated

Limited impact if the admin panel is reachable only from trusted networks and files outside the web root are not readable by the web server user. Note that the application's own configuration files must stay readable by that user, so file permissions alone do not protect them; only network restriction and patching do.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin panel access, but proof-of-concept is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.seacms.com/

Restart Required: No

Instructions:

1. Check the vendor website for security updates.
2. Apply any available patches.
3. Verify the fix by re-running the file read test against admin_safe.php.

🔧 Temporary Workarounds

Restrict admin panel access

all

Limit access to admin_safe.php and the rest of the admin panel to trusted IP addresses only. Restricting the whole admin directory is preferable; the snippets below show the minimum, a rule for the single file.

# Apache 2.4+ .htaccess in the directory that holds admin_safe.php
# (Require replaces the 2.2-era Order/Deny/Allow directives); adjust the range.
<Files "admin_safe.php">
    Require ip 192.168.1.0/24
</Files>
# For nginx: this regex location must come before the generic
# "location ~ \.php$" block, and it must still hand the file to PHP-FPM,
# otherwise nginx serves the PHP source as a static file.
location ~ /admin_safe\.php$ {
    allow 192.168.1.0/24;
    deny all;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # match your PHP-FPM socket
}

File permission hardening

linux

Set strict file permissions on sensitive configuration files. This limits what the bug can reach outside the application (files owned by other users), but it cannot stop it reading the application's own config, because PHP runs as the same user that must be able to read it.

# File names follow the page; adjust to the actual config paths of the install.
chmod 600 config.php
chmod 600 database.php
chown www-data:www-data config.php
# The web server (www-data) can still read these; the point is that
# files owned by root, e.g. /etc/shadow, stay out of reach.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the SeaCMS server and, in particular, keep the admin panel off the internet.
  • Deploy a web application firewall (WAF) with rules that block path traversal sequences (../ and its URL-encoded forms) and absolute path values in parameters sent to admin_safe.php.

🔍 How to Verify

Check if Vulnerable:

Using an authenticated admin session, request admin_safe.php with the file read parameter from the public PoC pointed at a file outside the web root, such as /etc/passwd. If the response contains the file's contents, the installation is vulnerable.

Check Version:

Check SeaCMS version in admin panel or look for version.txt file.

Verify Fix Applied:

Test the same exploit after applying fixes to confirm file read is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Requests to admin_safe.php whose query string contains path traversal sequences (../, ..\, or their URL-encoded forms) or absolute paths such as /etc/passwd
  • Multiple requests to admin_safe.php with file parameters from one source in a short window
  • Failed authentication attempts to the admin panel preceding such requests

Network Indicators:

  • HTTP requests containing file paths in parameters
  • Traffic to admin_safe.php from unexpected sources

SIEM Query:

source="web_logs" AND uri="*admin_safe.php*" AND (uri_query="*../*" OR uri_query="*..%2f*" OR uri_query="*%2e%2e*" OR uri_query="*/etc/*")
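The log indicators above, implemented as a small detector, as an added example that is not part of the original advisory or of SeaCMS. It parses combined-format access logs (Apache/nginx), keeps only requests to admin_safe.php, and flags any query parameter whose value contains a traversal sequence or an absolute sensitive path after undoing repeated percent-encoding. It does not depend on the parameter name, since the advisory does not state it; the "file" and "path" names and the /admin/ prefix in the constructed sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx combined log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\)')
# Absolute paths an attacker tries first; extend for your environment.
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/root/", "/var/", "c:\\", "c:/")

# Constructed sample lines (not real traffic); the /admin/ prefix and the
# parameter names "file"/"path" are assumptions, the detector ignores both.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /admin/admin_safe.php HTTP/1.1" 200 4310
203.0.113.7 - - [10/Mar/2025:12:00:09 +0000] "GET /admin/admin_safe.php?file=../../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.7 - - [10/Mar/2025:12:00:12 +0000] "GET /admin/admin_safe.php?path=%2e%2e%2f%2e%2e%2fdata%2fconfig.php HTTP/1.1" 200 2210
198.51.100.4 - - [10/Mar/2025:12:01:30 +0000] "GET /index.php?id=5 HTTP/1.1" 200 9000
203.0.113.7 - - [10/Mar/2025:12:02:00 +0000] "POST /admin/admin_safe.php HTTP/1.1" 302 0
"""


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (..%252f -> ..%2f -> ../) so double
    encoding does not slip past the traversal check."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(query):
    """Return (name, value) pairs whose value looks like a file path probe."""
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(raw).lower()
        if TRAVERSAL_RE.search(value) or value.startswith(SENSITIVE_PREFIXES):
            hits.append((name, raw))
    return hits


def analyze(log_lines, target="admin_safe.php"):
    """One finding per request to admin_safe.php carrying a path-like parameter."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m["target"])
        if not parts.path.endswith(target):
            continue
        hits = suspicious_params(parts.query)
        if hits:
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "status": int(m["status"]),
                "path": parts.path,
                "params": hits,
            })
    return findings


def top_sources(findings):
    """Source IPs ranked by number of flagged requests, for the 'multiple
    requests from one source' indicator."""
    return Counter(f["ip"] for f in findings).most_common()


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG.splitlines())
    for f in found:
        print(f'{f["ts"]} {f["ip"]} {f["path"]} status={f["status"]} params={f["params"]}')
    print("top sources:", top_sources(found))
```

A 200 status on a flagged request is the strongest signal, since the file read requires an authenticated admin session; a 302 back to the login page on the same request shape indicates an unauthenticated probe that failed.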

🔗 References