CVE-2025-8266
BaseFortify

Publication date: 2025-07-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.
Meta Information
Published: 2025-07-28
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
chancms | chancms | to 3.1.3 (exc)
CWE ID | Description
CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8266 is a critical Remote Code Execution (RCE) vulnerability in ChanCMS versions up to 3.1.2. It exists in the getArticle function of the collect.js file, where the targetUrl and parseData parameters are improperly handled. Specifically, the parseData parameter is used to dynamically create and execute JavaScript code without any input validation or sanitization. This allows an attacker to inject and execute arbitrary JavaScript code remotely, including system commands, leading to full system compromise. [1, 2, 3]


How can this vulnerability impact me?

Exploitation of this vulnerability allows remote attackers to execute arbitrary system commands on the server hosting ChanCMS. This can lead to full system compromise, unauthorized data access or theft, disruption of service, and further attacks on the affected system or network. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for requests to the /cms/gather/getArticle endpoint that include suspicious or malicious payloads in the targetUrl or parseData parameters. Specifically, look for HTTP requests that attempt to inject JavaScript code or system commands via these parameters. For detection, you can use network monitoring tools or web server logs to search for such patterns. Example commands include using curl to test the endpoint with a payload similar to the proof-of-concept:

    curl -G --data-urlencode "targetUrl=http://example.com" --data-urlencode "parseData=return process.mainModule.require('child_process').execSync('calc').toString()" http://yourserver:7001/cms/gather/getArticle

Additionally, you can use grep or similar tools on server logs to find requests containing suspicious parseData or targetUrl parameters. [3]
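The log search described above can be made more reliable than a plain grep by decoding the query string before matching. The following is an added example, not code from ChanCMS or from this advisory: it assumes combined-log-style access logs that record the query string, and the indicator list, function names and sample log lines are constructed for illustration.

```javascript
// Added example: flag access-log requests to the ChanCMS collector endpoint whose
// targetUrl/parseData values contain code-execution tokens. Assumed log format: combined.
const ENDPOINT = '/cms/gather/getArticle';
const PARAMS = ['targetUrl', 'parseData'];
const INDICATORS = {            // constructed list, based on the payload shape on this page
  child_process: /child_process/i,
  mainModule: /process\s*\.\s*mainModule/i,
  require: /\brequire\s*\(/i,
  exec: /\b(exec|execFile|spawn)(Sync)?\s*\(/i,
  eval: /\beval\s*\(|\bFunction\s*\(/i,
};

// Decode a few extra rounds so double-encoded values are inspected in clear text.
function deepDecode(value, rounds = 3) {
  let out = value;
  try {
    for (let i = 0; i < rounds; i++) out = decodeURIComponent(out);
  } catch { /* malformed escape: keep the last good decode */ }
  return out;
}

// Returns null for lines that do not hit the endpoint, else the findings per parameter.
function scanLine(line) {
  const m = /"([A-Z]+) (\S+) HTTP\/[\d.]+"/.exec(line);
  if (!m) return null;
  let url;
  try { url = new URL(m[2], 'http://log.invalid'); } catch { return null; }
  if (url.pathname.replace(/\/+$/, '') !== ENDPOINT) return null;
  const findings = [];
  for (const param of PARAMS) {
    for (const raw of url.searchParams.getAll(param)) {
      const text = deepDecode(raw);
      const indicators = Object.keys(INDICATORS).filter((k) => INDICATORS[k].test(text));
      if (indicators.length) findings.push({ param, indicators });
    }
  }
  return { method: m[1], findings };
}

function scanLog(text) {
  return text.split('\n')
    .map((line, i) => ({ line: i + 1, result: scanLine(line) }))
    .filter((r) => r.result && r.result.findings.length > 0);
}

// Constructed sample log; line 3 carries the payload quoted on this page.
const SAMPLE_LOG = [
  '203.0.113.5 - - [01/Aug/2025:10:00:00 +0000] "GET /cms/article/1 HTTP/1.1" 200 512',
  '203.0.113.5 - - [01/Aug/2025:10:00:01 +0000] "GET /cms/gather/getArticle?targetUrl=http%3A%2F%2Fexample.com&parseData=title HTTP/1.1" 200 64',
  '198.51.100.9 - - [01/Aug/2025:10:00:02 +0000] "GET /cms/gather/getArticle?targetUrl=http%3A%2F%2Fexample.com&parseData=return%20process.mainModule.require%28%27child_process%27%29.execSync%28%27calc%27%29.toString%28%29 HTTP/1.1" 200 64',
  '198.51.100.9 - - [01/Aug/2025:10:00:03 +0000] "GET /cms/gather/getArticle?parseData=require%2528%2527child_process%2527%2529 HTTP/1.1" 200 64',
].join('\n');
```

Access logs normally do not record request bodies, so this covers only requests that carry the parameters in the query string, as the curl -G command above does.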


What immediate steps should I take to mitigate this vulnerability?

The immediate and recommended mitigation step is to upgrade ChanCMS to version 3.1.3 or later, as this version addresses the vulnerability. Until the upgrade can be applied, you should restrict access to the /cms/gather/getArticle endpoint, implement input validation or filtering on the targetUrl and parseData parameters to prevent malicious code execution, and monitor for suspicious activity. Applying network-level protections such as web application firewalls (WAF) to block exploit attempts can also help mitigate risk. [1, 2]

