CVE-2025-70073

7.2 HIGH

📋 TL;DR

A remote code execution vulnerability in ChestnutCMS v1.5.8 and earlier allows attackers to execute arbitrary code through the template creation function. This affects all systems running vulnerable versions of ChestnutCMS, potentially compromising the entire web server.

💻 Affected Systems

Products:
  • ChestnutCMS
Versions: v1.5.8 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with template creation functionality enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, malware deployment, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case

Webshell deployment allowing file system access, data exfiltration, and further exploitation of the hosting environment.

🟢 If Mitigated

Limited impact if proper network segmentation, web application firewalls, and least privilege principles are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access template creation functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/liweiyi/ChestnutCMS/issues/8

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Disable Template Creation (applies to: all)

Remove or restrict access to template creation functionality in ChestnutCMS admin interface.

Modify CMS configuration to disable template management module

Web Application Firewall Rules (applies to: all)

Implement WAF rules to block suspicious template creation requests and code execution patterns.

Add WAF rules to detect and block template file uploads with executable code

🧯 If You Can't Patch

  • Isolate ChestnutCMS instance in a dedicated network segment with strict egress filtering
  • Implement strict access controls and multi-factor authentication for admin accounts

🔍 How to Verify

Check if Vulnerable:

Check ChestnutCMS version in admin panel or configuration files. Versions 1.5.8 and earlier are vulnerable.

Check Version:

Check CMS version in admin dashboard or examine version files in installation directory

Verify Fix Applied:

Test template creation functionality with malicious payloads after implementing workarounds.

📡 Detection & Monitoring

Log Indicators:

  • Unusual template creation events
  • File uploads with executable extensions
  • Suspicious POST requests to template endpoints

Network Indicators:

  • Outbound connections from web server to unknown IPs
  • Unusual traffic patterns from CMS admin interface

SIEM Query:

source="chestnutcms" AND (event="template_create" OR event="file_upload") AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")
