CVE-2025-11941

CVE-2025-11941 is a path traversal vulnerability (CWE-22) affecting e107 CMS versions up to 2.3.3. The issue resides in an unknown function within the Avatar Handler component, specifically the file /e107_admin/image.php?mode=main&action=avatar. By manipulating the multiaction[] argument, attackers can traverse paths outside the intended directory. The vulnerability carries a CVSS v3.1 base score of 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L), indicating medium severity with network accessibility, low attack complexity, and low privilege requirements.

Low-privileged remote users (PR:L) can exploit this vulnerability without user interaction. Successful exploitation enables limited integrity and availability impacts (I:L/A:L), such as potential file modifications or disruptions via path traversal, though confidentiality remains unaffected (C:N). The attack is fully remote and straightforward given the low complexity.

Advisories from VulDB and related disclosures note that the exploit is public and available, including a proof-of-concept. The vendor was contacted early but provided no response, and no patches or mitigations are mentioned in the available references.

Notable context includes the public availability of the exploit, increasing the risk of active use against unpatched e107 CMS installations up to version 2.3.3.