CVE-2025-7953
BaseFortify
Publication date: 2025-07-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| publiccms | publiccms | to 5.202506.b (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue in Sanluan PublicCMS up to version 5.202506.a. It occurs due to improper processing of the 'File' argument in the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. An attacker can manipulate this argument to redirect users to a malicious site. The vulnerability can be exploited remotely and has been publicly disclosed.
How can this vulnerability impact me? :
The vulnerability can lead to open redirect attacks, which may cause users to be redirected to malicious websites without their consent. This can result in phishing attacks, loss of user trust, and potential exposure to further attacks or malware. Since the attack can be initiated remotely, it poses a risk to any user accessing the affected system.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch named f1af17af004ca9345c6fe4d5936d87d008d26e75 to fix the vulnerability in Sanluan PublicCMS up to version 5.202506.a.