Deserialization Vulnerability in LinZhaoguan pb-cms Product
CVE-2025-2043

5.1MEDIUM

Key Information:

Vendor

Linzhaoguan

Status
Pb-cms
Vendor
CVE Published:
6 March 2025

Badges

👾 Exploit Exists

What is CVE-2025-2043?

A deserialization vulnerability has been identified in LinZhaoguan's pb-cms 1.0.0, specifically within the functionality of the Add New Topic Handler in the /admin#themes file. The issue arises from improper handling of the Topic Key parameter, resulting in a potential exploitation that could be initiated remotely. Given the nature of this vulnerability, attackers could execute arbitrary code and gain unauthorized access to systems using this software. Users are advised to review their security measures and implement any necessary updates to mitigate risks associated with this vulnerability.

Affected Version(s)

pb-cms 1.0.0

References

https://vuldb.com/?id.298787
vdb-entrytechnical-description
https://vuldb.com/?ctiid.298787
signaturepermissions-required
https://vuldb.com/?submit.513243
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jing1 (VulDB User)
.