CVE-2025-15009
Unknown Unknown - Not Provided
Unrestricted File Upload in ChestnutCMS Filename Handler

Publication date: 2025-12-22

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15009
EUVD
EUVD-2025-204682
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
liweiyi chestnutcms 1.5.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in liweiyi ChestnutCMS up to version 1.5.8, specifically in the FilenameUtils.getExtension function used in the /dev-api/common/upload endpoint. Due to flawed file extension extraction logic, an attacker can manipulate the filename argument to bypass file extension restrictions and perform an unrestricted file upload. This allows the attacker to upload arbitrary and potentially malicious files remotely by exploiting how the system parses filenames containing certain substrings like '://' and 'wx_fmt='. [2, 3]

Impact Analysis

The vulnerability can lead to unauthorized and unrestricted file uploads, allowing attackers to upload potentially dangerous files that the system might automatically process. This can compromise the confidentiality, integrity, and availability of the affected system. Since the exploit can be launched remotely and a proof-of-concept is publicly available, attackers can use this flaw to execute malicious code, deface websites, or disrupt services. [2]

Detection Guidance

Detection can focus on monitoring requests to the /dev-api/common/upload endpoint for suspicious file upload attempts, especially those with filenames containing the substrings '://' and 'wx_fmt=' which exploit the flawed file extension parsing. Network traffic inspection or web server logs can be analyzed for such patterns. Specific commands depend on the environment, but for example, using grep on web server logs to find suspicious uploads: grep '/dev-api/common/upload' /var/log/nginx/access.log | grep 'wx_fmt=' or using network monitoring tools to filter HTTP POST requests to that endpoint with suspicious filenames. Additionally, scanning for the presence of ChestnutCMS versions up to 1.5.8 can help identify vulnerable systems. [3, 2]

Mitigation Strategies

Currently, no known countermeasures or mitigations exist for this vulnerability. It is suggested to consider replacing the affected product (liweiyi ChestnutCMS versions up to 1.5.8) with an alternative. As an immediate step, restrict or disable the /dev-api/common/upload endpoint if possible, implement strict network access controls, and monitor for exploitation attempts. Applying web application firewalls (WAF) rules to block suspicious upload patterns may also help reduce risk until a patch or update is available. [2]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15009. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart