CVE-2025-65838

7.5 HIGH

📋 TL;DR

PublicCMS V5.202506.b contains a path traversal vulnerability in the doUploadSitefile method that allows attackers to write arbitrary files to unintended directories. This affects all systems running the vulnerable version of PublicCMS. Attackers could potentially achieve remote code execution by writing malicious files to sensitive locations.

💻 Affected Systems

Products:
  • PublicCMS
Versions: V5.202506.b
Operating Systems: All operating systems running PublicCMS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Unauthorized file upload to sensitive directories, potentially leading to web shell deployment and limited system access.

🟢 If Mitigated

File upload restricted to intended directories with proper input validation and access controls.

🌐 Internet-Facing: HIGH - PublicCMS is typically deployed as a web application accessible from the internet, making it directly exploitable.
🏢 Internal Only: MEDIUM - Internal deployments are still vulnerable but have reduced attack surface compared to internet-facing instances.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but the vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub issues for latest patched version

Vendor Advisory: https://github.com/sanluan/PublicCMS/issues/101

Restart Required: Yes

Instructions:

1. Check the GitHub issue #101 for patch details
2. Update to the latest version of PublicCMS
3. Restart the PublicCMS application
4. Verify the fix by testing file upload functionality

🔧 Temporary Workarounds

Disable file upload functionality

Platform: all

Temporarily disable the doUploadSitefile method or file upload features

  • Modify PublicCMS configuration to disable file uploads
  • Comment out or remove file upload endpoints in code

Implement input validation filter

Platform: all

Add server-side validation to block path traversal attempts

  • Implement file path sanitization in upload handlers
  • Add regex filters to block '../' sequences in file names
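
A pattern match on '../' alone does not cover backslash separators or absolute paths, so the added example below resolves the client-supplied path against the site directory and checks containment after normalization. It is not PublicCMS code: `SafeUploadPath` and `resolveInside` are hypothetical names, and the sample inputs are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/** Added example: containment check for an upload destination (hypothetical helper). */
public class SafeUploadPath {

    /**
     * Resolves a client-supplied relative path under baseDir and rejects
     * anything that lands outside it once "." and ".." are collapsed.
     */
    static Path resolveInside(Path baseDir, String userPath) throws IOException {
        if (userPath == null || userPath.isEmpty() || userPath.indexOf('\0') >= 0) {
            throw new IOException("invalid upload path");
        }
        // Treat backslashes as separators so "..\" is handled the same on every OS.
        String unified = userPath.replace('\\', '/');
        Path base = baseDir.toAbsolutePath().normalize();
        // resolve() returns an absolute argument unchanged, so "/tmp/x" fails the check below.
        Path target = base.resolve(unified).normalize();
        // Path.startsWith compares whole name elements, not string prefixes,
        // so "/srv/site-evil" does not count as being inside "/srv/site".
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IOException("upload path escapes site directory: " + userPath);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("site-files"); // constructed sandbox directory
        String[] samples = {                                  // constructed inputs
            "images/logo.png",
            "a/../b/ok.txt",
            "../../outside.txt",
            "images/../../outside.txt",
            "..\\..\\outside.txt",
            "/tmp/absolute.txt"
        };
        for (String s : samples) {
            try {
                Path p = resolveInside(base, s);
                System.out.println("ALLOW " + s + " -> " + base.relativize(p));
            } catch (IOException e) {
                System.out.println("DENY  " + s);
            }
        }
    }
}
```

`Path.normalize()` is purely lexical and does not follow symbolic links; where the upload tree can contain links, also compare `toRealPath()` of the existing parent directory against the base.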

🧯 If You Can't Patch

  • Implement strict file upload restrictions and validation at the web server level
  • Deploy WAF rules to detect and block path traversal attempts in file upload requests

🔍 How to Verify

Check if Vulnerable:

Test if you can upload files with path traversal sequences (e.g., '../../malicious.php') using the doUploadSitefile endpoint

Check Version:

Check PublicCMS version in admin panel or configuration files

Verify Fix Applied:

Attempt to exploit the path traversal after patching - successful uploads should be restricted to intended directories only

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file upload attempts with path traversal sequences
  • Successful uploads to non-standard directories
  • Unusual file types being uploaded

Network Indicators:

  • HTTP POST requests to upload endpoints containing '../' sequences
  • Unusual file upload patterns from single IP addresses

SIEM Query:

source="web_logs" AND (uri="*doUploadSitefile*" OR uri="*upload*") AND (request_body="*../*" OR filename="*../*")
