Deserialization Vulnerability in XunRuiCMS by dayrui
CVE-2025-1186
5.3 MEDIUM
Key Information:
Badges
👾 Exploit Exists
What is CVE-2025-1186?
A deserialization vulnerability has been identified in XunRuiCMS, affecting versions up to 4.6.4. The flaw is in the file /Control/Api/Api.php, where manipulation of the 'thumb' argument lets unsanitized data reach deserialization. This could enable an attacker to execute arbitrary code remotely, posing a significant security risk. The exploit has been publicly disclosed, which makes it more urgent for users to assess their systems and implement appropriate mitigations.
Affected Version(s)
XunRuiCMS 4.6.0
XunRuiCMS 4.6.1
XunRuiCMS 4.6.2