Arbitrary File Read Vulnerability in SeaCMS by SeaCMS
CVE-2025-25799

6MEDIUM

Key Information:

Vendor: SeaCMS
Status: SeaCMS
Vendor: CVE Published:; 26 February 2025

What is CVE-2025-25799?

An arbitrary file read vulnerability has been identified in SeaCMS version 13.3, specifically in the file_get_contents function located in admin_safe.php. This vulnerability allows unauthorized users to read sensitive files on the server, potentially leading to exposure of confidential data or configuration details. Website administrators are encouraged to review their SeaCMS installations and apply necessary mitigations to protect against unauthorized file access.

References

http://seacms.com

https://www.seacms.com/

https://github.com/Ka7arotto/Seacms/blob/main/Seacms13.3-...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Feb 7, 2025