Remote Code Execution Vulnerability in SeaCMS by SeaCMS
CVE-2025-25792

4.4MEDIUM

Key Information:

Vendor
SeaCMS
Status
SeaCMS
Vendor
CVE Published:
26 February 2025

Summary

A remote code execution (RCE) vulnerability has been identified in SeaCMS version 13.3, where an unauthorized attacker could exploit the 'isopen' parameter in 'admin_weixin.php'. This flaw enables attackers to execute arbitrary commands on the server, potentially compromising sensitive data and system integrity.

References

http://seacms.com
https://www.seacms.com/
https://github.com/Ka7arotto/Seacms/blob/main/seacmsv13.3...

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-25792 : Remote Code Execution Vulnerability in SeaCMS by SeaCMS | SecurityVulnerability.io