CVE-2025-1113
Published: 07 February 2025
Description
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-1113 is a deserialization vulnerability affecting Taisan Tarzan-CMS versions up to 1.0.0. The flaw exists in the upload function of the /admin#themes endpoint within the Add Theme Handler component. Published on 2025-02-07T22:15:14.283, it has been rated as critical by the reporting source, while its CVSS v3.1 base score is 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L); it maps to CWE-20 (Improper Input Validation) and CWE-502 (Deserialization of Untrusted Data).
A remote attacker holding low-privileged access to the admin interface can trigger the vulnerability by supplying crafted input to the theme upload function, which is then deserialized without adequate validation. Successful exploitation has limited impact on confidentiality, integrity, and availability (C:L/I:L/A:L), such as unauthorized data access, modification, or disruption confined to the affected scope.
Advisories and additional details are available at https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J, https://vuldb.com/?ctiid.295019, and https://vuldb.com/?id.295019. The exploit has been publicly disclosed and may be used by attackers.
Details
- CWE(s)