Vulnerability Description
A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpwcms | Phpwcms | < 1.9.46 |
Related Weaknesses (CWE)
References
- https://github.com/3em0/cve_repo/blob/main/phpwcms/image_resized%23getimagesize.ExploitThird Party Advisory
- https://github.com/slackero/phpwcms/releases/tag/v1.10.9Release Notes
- https://vuldb.com/?ctiid.310914Permissions RequiredVDB Entry
- https://vuldb.com/?id.310914Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.578082Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.578083Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-5499?
CVE-2025-5499 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argu...
How severe is CVE-2025-5499?
CVE-2025-5499 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5499?
Check the references section above for vendor advisories and patch information. Affected products include: Phpwcms Phpwcms.