Vulnerability Description
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wanglongcn | Yifang | <= 2.0.2 |
Related Weaknesses (CWE)
References
- https://gitee.com/wanglongcn/yifang/issues/IC0RCXExploitIssue Tracking
- https://vuldb.com/?ctiid.310674Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.310674Third Party AdvisoryVDB Entry
- https://gitee.com/wanglongcn/yifang/issues/IC0RCXExploitIssue Tracking
FAQ
What is CVE-2025-5381?
CVE-2025-5381 is a vulnerability with a CVSS score of 2.7 (LOW). A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The ma...
How severe is CVE-2025-5381?
CVE-2025-5381 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5381?
Check the references section above for vendor advisories and patch information. Affected products include: Wanglongcn Yifang.