CVE-2025-12347

CVSS 6.3 Medium
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • Published: 1761621334 (Unix time; 2025-10-28 03:15:34 UTC)
  • Last modified: 1761621334 (Unix time; 2025-10-28 03:15:34 UTC)

A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🧠 Explainer: What this vulnerability means

Summary: This vulnerability affects MaxSite CMS up to 109 (CWE: unspecified).

Impact: Potential impact includes remote code execution, data theft, or denial of service.

Mitigation: Upgrade immediately to the remediated release and follow vendor hardening guidance.
