CVE-2025-51511
Arbitrary File Upload in Cadmium CMS 0.4.9 Admin Module
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cadmium | cms | 0.4.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Cadmium CMS version 0.4.9 has a vulnerability in its file upload feature located at /admin/content/filemanager/uploads. An attacker can upload files containing malicious code disguised as images. After uploading, the attacker can rename these files to executable script names (e.g., phpinfo.php) and then access them directly to execute malicious code on the server. This allows unauthorized arbitrary file upload and remote code execution. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary code on your server by uploading and executing malicious scripts. This can lead to unauthorized access, data theft, server compromise, defacement, or further attacks on your infrastructure. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for the presence of suspicious files in the /uploads/ directory, especially files with executable extensions like .php that may have been renamed from images. For example, use commands like `find /path/to/uploads -type f \( -name '*.php' -o -name '*.php5' -o -name '*.phtml' \)` to locate potentially malicious scripts. Additionally, you can try accessing URLs such as http://yourdomain.com/uploads/phpinfo.php to see if uploaded files are executable. Monitoring web server logs for unusual access patterns to the /uploads/ directory may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting file uploads through the /admin/content/filemanager/uploads interface, especially for users who do not require this functionality. Implement strict validation and sanitization of uploaded files to prevent uploading executable code disguised as images. Remove any suspicious or unknown files from the /uploads/ directory, particularly those with executable extensions. Additionally, restrict direct access to the /uploads/ directory via web server configuration to prevent execution of uploaded scripts. Applying any available patches or updates from Cadmium CMS is also recommended once released. [1]