CVE-2025-10116
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-10116
EUVD
EUVD-2025-33987
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
siemprecms siemprecms 1.3.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Siempre CMS up to version 1.3.6 allows an attacker to upload files without authentication to arbitrary directories within the ../media/ path, including hidden module directories. Although the uploaded files cannot be executed as PHP scripts, the attacker can flood directories with many files, potentially exhausting disk space and degrading server performance. [1]

Impact Analysis

The vulnerability can lead to resource exhaustion by allowing an attacker to upload a large number of files, which can fill up disk space and degrade server performance. This may result in denial-of-service (DoS) conditions, making the affected system unavailable or unstable. [1]

Detection Guidance

This vulnerability can be detected by monitoring for unusual file uploads to the ../media/ directory and its subdirectories, especially a large number of files being uploaded that could indicate flooding attempts. Checking the file_upload.php script for unauthorized modifications or usage may also help. Commands to detect this could include: 1) Listing recently uploaded files in the media directory: `ls -ltr /path/to/siemprecms/media/` 2) Checking disk usage to detect abnormal growth: `du -sh /path/to/siemprecms/media/` 3) Monitoring web server logs for POST requests to /docs/admin/file_upload.php: `grep 'POST /docs/admin/file_upload.php' /var/log/apache2/access.log` or equivalent. 4) Using intrusion detection systems to alert on unusual upload patterns. [1]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling file uploads via the /docs/admin/file_upload.php script until a patch or fix is applied. Implement access controls to ensure only authorized users can upload files. Monitor and limit the size and number of uploaded files to prevent resource exhaustion. Additionally, consider applying any available updates or patches to SiempreCMS beyond version 1.3.6 that address this vulnerability. If patching is not immediately possible, implement network-level controls such as web application firewalls to block unauthorized upload attempts. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10116. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart