CVE-2025-54757
📋 TL;DR
PowerCMS versions before 6.7.1, 5.3.1, and 4.6.1 allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, arbitrary script execution may occur in the browser. This affects all PowerCMS installations with vulnerable versions.
💻 Affected Systems
- PowerCMS
📦 What is this software?
Powercms by Alfasado
⚠️ Risk & Real-World Impact
Worst Case
An attacker uploads a malicious file that executes arbitrary code in an administrator's browser, potentially leading to session hijacking, data theft, or further system compromise.
Likely Case
An attacker uploads a malicious script that executes in an administrator's browser, stealing session cookies or performing unauthorized actions.
If Mitigated
With proper file upload restrictions, the attack surface is reduced, but administrators accessing uploaded files remain at risk.
🎯 Exploit Status
Exploitation requires a product user account to upload files and an administrator to access them.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PowerCMS 6.7.1, 5.3.1, or 4.6.1
Vendor Advisory: https://www.powercms.jp/news/release-powercms-671-531-461.html
Restart Required: No
Instructions:
1. Back up your PowerCMS installation and database.
2. Download the patched version from the vendor.
3. Replace the vulnerable files with the patched version.
4. Verify the update by checking the version.
🔧 Temporary Workarounds
Restrict file upload extensions
Configure PowerCMS to allow only safe file extensions (e.g., .jpg, .png, .pdf) and block executable or script files.
Disable file upload for product users
Temporarily disable file upload functionality for product users until patching is complete.
🧯 If You Can't Patch
- Implement strict file upload validation at the web server level (e.g., via .htaccess or a web application firewall).
- Monitor and audit file upload activities and administrator access logs for suspicious behavior.
🔍 How to Verify
Check if Vulnerable:
Check your PowerCMS version via the admin panel or by examining the CMS files. If your version is on the 6.x, 5.x, or 4.x branch and below 6.7.1, 5.3.1, or 4.6.1 respectively, you are vulnerable.
Check Version:
Check the PowerCMS admin dashboard or review the CMS configuration files for version information.
Verify Fix Applied:
After updating, confirm the version shown in the admin panel is 6.7.1, 5.3.1, or 4.6.1 (or higher) on the respective branch.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with suspicious extensions (e.g., .html, .js, .php) from product user accounts.
- Administrator access to recently uploaded files with non-standard extensions.
Network Indicators:
- HTTP requests uploading files with dangerous extensions to PowerCMS endpoints.
SIEM Query:
source="powercms_logs" AND ((event="file_upload" AND file_extension IN ("html", "js", "php", "exe")) OR (event="file_access" AND user_role="admin" AND file_extension IN ("html", "js", "php", "exe")))
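The following is an added example, not PowerCMS code or anything from the vendor advisory. It shows two things from this page in working form: the extension allow-list that the "Restrict file upload extensions" workaround describes (including the edge cases a naive check misses, such as uppercase, double extensions like name.php.jpg, and trailing-dot names), and the SIEM query above applied to log lines, with the source filter scoped to both branches. The JSON-per-line log format, the field names, the allow-list and the sample lines are all constructed assumptions.

```python
"""Added example (not PowerCMS code): upload extension allow-list check plus a
detector that applies the page's SIEM logic to constructed log lines.
Log format, field names and the allow-list are assumptions."""
import json
from typing import Iterable, List, Optional

# Assumed allow-list mirroring the workaround's "safe" types. SVG is left out
# on purpose: it is an image format that can embed script.
SAFE_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Extensions the page's SIEM query treats as dangerous (htm added).
DANGEROUS_EXTENSIONS = {"html", "htm", "js", "php", "exe"}


def all_extensions(filename: str) -> List[str]:
    """Every dotted suffix, lowercased, e.g. 'x.PHP.jpg' -> ['php', 'jpg'].
    Empty parts are kept so a trailing-dot name ('x.jpg.') is detectable."""
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    return [p.lower() for p in name.split(".")[1:]]


def is_allowed_upload(filename: str) -> bool:
    """Allow-list check: the final extension must be safe, no dangerous
    extension may appear anywhere in the name, and names without an
    extension or with an empty (trailing-dot) extension are rejected."""
    exts = all_extensions(filename)
    if not exts or "" in exts:
        return False
    if exts[-1] not in SAFE_EXTENSIONS:
        return False
    return not any(e in DANGEROUS_EXTENSIONS for e in exts)


def parse_log_line(line: str) -> Optional[dict]:
    """Assumed log format: one JSON object per line; anything else is skipped."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    return rec if isinstance(rec, dict) else None


def is_suspicious(rec: dict) -> bool:
    """The page's SIEM query with the source filter applied to both branches.
    The extension is derived from the file name so nested suffixes count."""
    if rec.get("source") != "powercms_logs":
        return False
    dangerous = any(e in DANGEROUS_EXTENSIONS for e in all_extensions(rec.get("file", "")))
    if not dangerous:
        return False
    event = rec.get("event")
    if event == "file_upload":
        return True
    return event == "file_access" and rec.get("user_role") == "admin"


def scan_log(lines: Iterable[str]) -> List[dict]:
    """Return the records that match the detection logic."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is not None and is_suspicious(rec):
            hits.append(rec)
    return hits


# Constructed sample log lines (not real PowerCMS output).
SAMPLE_LOG = """\
{"source": "powercms_logs", "event": "file_upload", "user": "editor1", "user_role": "user", "file": "uploads/photo.jpg"}
{"source": "powercms_logs", "event": "file_upload", "user": "editor2", "user_role": "user", "file": "uploads/notes.html"}
{"source": "powercms_logs", "event": "file_upload", "user": "editor2", "user_role": "user", "file": "uploads/Evil.PHP.jpg"}
{"source": "powercms_logs", "event": "file_access", "user": "admin", "user_role": "admin", "file": "uploads/notes.html"}
{"source": "other_app", "event": "file_access", "user": "admin", "user_role": "admin", "file": "report.html"}
not a json line
"""


def demo() -> List[str]:
    """One summary string per alert from the constructed sample log."""
    return [f"{h['event']} {h['user']} {h['file']}" for h in scan_log(SAMPLE_LOG.splitlines())]


if __name__ == "__main__":
    for name in ("photo.jpg", "notes.html", "Evil.PHP.jpg", "trailing.jpg.", "noext"):
        print(f"{name!r}: allowed={is_allowed_upload(name)}")
    for alert in demo():
        print("ALERT:", alert)
```

Run it as a script to see which sample names pass the allow-list and which log lines raise an alert. The allow-list rejects name.php.jpg even though its final extension is "safe", because some servers and handlers act on inner extensions; the detector keys on the file name rather than a precomputed extension field for the same reason.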