CVE-2025-50692

9.8 CRITICAL

📋 TL;DR

FoxCMS versions up to and including 1.2.5 contain a code injection vulnerability in the admin template file editor: content submitted through the editor is written into a template that the server later executes, so an authenticated attacker with admin access can run arbitrary code on the server. Any installation at or below this version that exposes the template file editor is affected. Admin access to the panel is the only precondition for remote code execution.

💻 Affected Systems

Products:
  • FoxCMS
Versions: <= v1.2.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to the template file editor component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise leading to data theft, ransomware deployment, or use as a foothold for lateral movement within the network.

🟠

Likely Case

Authenticated attackers gaining shell access to the web server, potentially compromising the entire FoxCMS installation and underlying server.

🟢

If Mitigated

With the editor route blocked and the admin panel restricted to trusted addresses, an attacker first needs admin credentials and a foothold on a permitted network before this bug is reachable; network segmentation and monitoring then limit what a compromised web server can reach.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials but is straightforward once authenticated: the attacker saves a template containing code through the editor and requests the page that renders it. Note that a 9.8 base score corresponds to a CVSS vector with no privileges required; since admin access is a precondition here, the practical severity depends on how well admin credentials and the admin panel are protected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No patched release is recorded here. Check the vendor's release channel for a version above 1.2.5 and upgrade as soon as one is available; until then apply the workarounds below.

🔧 Temporary Workarounds

Disable template file editor

linux

Block the vulnerable admin/template_file/editFile.html route. In FoxCMS this path is a pseudo-static URL routed to the admin template-file controller's editFile action, not a static file on disk, so renaming a file does not stop the POST handler from running (renaming the view template only breaks the editor page, not the save action). Deny the route at the web server or reverse proxy instead, for every client:

# Nginx (inside the server block, before the PHP/rewrite locations)
location = /admin/template_file/editFile.html { return 404; }

# Apache (inside the vhost)
<Location "/admin/template_file/editFile.html">
    Require all denied
</Location>

Check the access log for the exact path spelling and any URL prefix your installation uses, and match that. This also removes legitimate template editing; edit templates on disk through a deployment process instead.

Implement strict access controls

all

Restrict admin panel access to specific IP addresses in the web server configuration (192.168.1.0/24 below stands for your administrators' network):

# Apache (inside the vhost)
<Location "/admin">
    Require ip 192.168.1.0/24
</Location>

# Nginx (in the location that serves the admin routes; keep the PHP
# handling that location already has)
location /admin {
    allow 192.168.1.0/24;
    deny all;
}

This does not fix the bug; it only reduces who can reach it. An attacker who already has admin credentials and is on the permitted network can still exploit it.

🧯 If You Can't Patch

  • Implement network segmentation to isolate FoxCMS from critical systems
  • Enable detailed logging and monitoring for suspicious admin panel activity

🔍 How to Verify

Check if Vulnerable:

Check the FoxCMS version in the admin dashboard or in the installation's configuration files. If the version is 1.2.5 or lower and the template file editor route (admin/template_file/editFile.html) responds to an admin session, the system is vulnerable.

Check Version:

grep -ri 'version' /path/to/foxcms/config/

or read the version shown on the admin dashboard.

Verify Fix Applied:

Confirm that requests to admin/template_file/editFile.html now return 403 or 404 for every client, including an authenticated admin session (a GET and a POST), or that the installed version is above 1.2.5.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to admin/template_file/editFile.html outside planned template changes, or from addresses that are not on the admin allowlist
  • Template files whose contents gain raw PHP tags or calls such as system(), eval(), or base64_decode()
  • The web server process (e.g. www-data) spawning shells or other unexpected child processes

Network Indicators:

  • Request bodies to the vulnerable endpoint containing PHP open tags or command-execution function names
  • Outbound connections from web server to unexpected destinations

SIEM Query:

source="web_logs" AND uri="/admin/template_file/editFile.html" AND method="POST"

A second query catches the editor being reached from outside the admin network (adapt the field name and the CIDR test to your SIEM):

source="web_logs" AND uri="/admin/template_file/editFile.html" AND NOT cidrmatch("192.168.1.0/24", src_ip)

Matching on status=200 alone is too noisy: every admin who opens the editor produces a 200, so key on the POST (the write) and on the source address.
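A script that applies the log and file indicators above to sample data, added here as an example; it is not FoxCMS code or the page's own tooling. It assumes web server logs in the nginx/Apache "combined" format, the 192.168.1.0/24 admin range used in the workaround above, and a hand-picked list of PHP injection markers; the log lines and template snippets are constructed for the example.

```python
"""Detection helpers for CVE-2025-50692 (added example, not FoxCMS code).

Assumptions: web server logs in the nginx/Apache "combined" format, admin
access expected only from 192.168.1.0/24 (the range used in the workaround
above), and a hand-picked list of PHP injection markers. All sample data
below is constructed for the example.
"""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Optional

VULN_URI = "/admin/template_file/editFile.html"
ADMIN_ALLOWLIST = [ip_network("192.168.1.0/24")]  # assumption: trusted admin range

# nginx/Apache "combined" log format, e.g.
# 1.2.3.4 - - [10/Jul/2025:10:01:02 +0000] "POST /x HTTP/1.1" 200 48 "-" "UA"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Heuristic markers for PHP code injected into an HTML template file.
INJECTION_MARKERS = [
    (re.compile(r"<\?(php|=)", re.I), "raw PHP open tag"),
    (re.compile(r"\b(eval|system|passthru|shell_exec|exec|popen|proc_open|assert)\s*\(", re.I),
     "dangerous PHP call"),
    (re.compile(r"\bbase64_decode\s*\(", re.I), "base64_decode (common obfuscation)"),
]


@dataclass
class Alert:
    ip: str
    ts: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_allowlisted(ip: str) -> bool:
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_ALLOWLIST)


def scan_access_log(lines: Iterable[str]) -> List[Alert]:
    """One Alert per request that hits the editor route and looks like abuse.

    A GET from the allowlist is an admin opening the editor and is not flagged;
    a POST is a template write, and any hit from outside the allowlist is
    flagged regardless of method.
    """
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["uri"].split("?", 1)[0]
        if path != VULN_URI:
            continue
        reasons = []
        if rec["method"] == "POST":
            reasons.append("POST to template editor")
        if not is_allowlisted(rec["ip"]):
            reasons.append("outside admin allowlist")
        if reasons:
            alerts.append(Alert(rec["ip"], rec["ts"], reasons))
    return alerts


def scan_template(text: str) -> List[str]:
    """Labels of the injection markers found in one template file's contents."""
    return sorted({label for rx, label in INJECTION_MARKERS if rx.search(text)})


# Constructed sample log: an admin opening and saving a template, then an
# outside host saving one, then an unrelated request.
SAMPLE_LOG = """\
192.168.1.20 - - [10/Jul/2025:10:01:02 +0000] "GET /admin/template_file/editFile.html?file=index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.1.20 - - [10/Jul/2025:10:01:30 +0000] "POST /admin/template_file/editFile.html HTTP/1.1" 200 48 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2025:10:05:11 +0000] "POST /admin/template_file/editFile.html HTTP/1.1" 200 48 "-" "python-requests/2.32"
203.0.113.7 - - [10/Jul/2025:10:05:12 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "python-requests/2.32"
""".splitlines()

if __name__ == "__main__":
    for a in scan_access_log(SAMPLE_LOG):
        print(f"{a.ts} {a.ip}: {', '.join(a.reasons)}")
    print(scan_template('{$title}<?php system($_GET["c"]); ?>'))
```

Run scan_template over every file under the template directory after any alert from scan_access_log; a template that contains a raw PHP open tag is the injected payload, and a POST from an allowlisted admin address that coincides with no planned change deserves a conversation with that admin (or a check of whether the account is still theirs).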

🔗 References