CVE-2025-2978
Published: 31 March 2025
Description
Adversaries may upload tools to third-party or adversary controlled infrastructure to make it accessible during targeting.
Security Summary
CVE-2025-2978 is a vulnerability in WCMS 11 rated as critical, affecting unknown functionality within the Article Publishing Page component at the endpoint /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1. The issue enables unrestricted file upload through manipulation of the Upload argument and is associated with CWEs-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type). It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-03-31.
The vulnerability is exploitable remotely by low-privileged users, as indicated by the PR:L requirement, with low attack complexity and no need for user interaction. Attackers can achieve low impacts on confidentiality, integrity, and availability through the unrestricted upload, potentially allowing further compromise depending on the uploaded content.
VulDB advisories detail the issue and reference a publicly disclosed proof-of-concept on GitHub demonstrating the upload leading to remote code execution (RCE). The vendor was contacted early regarding the disclosure but provided no response, and no patches or mitigations are mentioned in available references.
The exploit has been publicly disclosed and may be used in attacks, with no further details on real-world exploitation provided.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload in public-facing WCMS 11 web application (T1190) enables uploading malware/tools (T1608.001/.002) such as PHP webshells (T1505.003) for RCE.