Remote Code Execution Vulnerability in SeaCMS v13.3 by SeaCMS
CVE-2025-25796

5.1MEDIUM

Key Information:

Vendor
SeaCMS
Status
SeaCMS
Vendor
CVE Published:
26 February 2025

Summary

A remote code execution vulnerability has been identified in SeaCMS v13.3, which allows an attacker to execute arbitrary code through the insecure component admin_template.php. This flaw poses a significant security risk, enabling potential unauthorized access and complete control over the affected application. Proper mitigation strategies should be implemented to secure affected installations against potential exploitation.

References

http://seacms.com
https://www.seacms.com/
https://github.com/Ka7arotto/Seacms/blob/main/Seacms13.3-...

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-25796 : Remote Code Execution Vulnerability in SeaCMS v13.3 by SeaCMS | SecurityVulnerability.io