CVE-2025-29287 – net.mingsoft:ms-mcms
Package
Manager: maven
Name: net.mingsoft:ms-mcms
Vulnerable Version: >=0 <5.4.4
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00139 (percentile 0.34553)
Details
MCMS allows arbitrary file uploads in the ueditor component.
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code by uploading a crafted file.
Metadata
Created: 2025-04-21T15:31:25Z
Modified: 2025-04-21T16:19:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-3922-2r6r-r4fv/GHSA-3922-2r6r-r4fv.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-3922-2r6r-r4fv
Finding: F027
Auto approve: 1