Remote Code Execution Vulnerability in SeaCMS 13.3
CVE-2025-25797

5.1MEDIUM

Key Information:

Vendor
SeaCMS
Status
SeaCMS
Vendor
CVE Published:
26 February 2025

Summary

SeaCMS version 13.3 was found to have a critical remote code execution vulnerability, exposing the application to potential exploitation through the admin_smtp.php component. This vulnerability allows attackers to execute arbitrary code, compromising system integrity and security. Users of SeaCMS are advised to review their systems and consider applying necessary security updates to mitigate risks associated with this vulnerability.

References

http://seacms.com
https://www.seacms.com/
https://github.com/Ka7arotto/Seacms/blob/main/Seacms13.3-...

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-25797 : Remote Code Execution Vulnerability in SeaCMS 13.3 | SecurityVulnerability.io