CVE-2025-65657
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| feehi | feehi_cms | 2.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in FeehiCMS version 2.1.1 allows an authenticated remote attacker to upload malicious files, specifically crafted PHP files, through the Ad Management feature. Because the application does not properly validate or restrict these uploaded files, the server may execute them, leading to remote code execution (RCE).
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on the server hosting FeehiCMS. This can lead to full compromise of the server, unauthorized access to data, disruption of services, and potentially further attacks within the network.