Arbitrary File Read Vulnerability in SeaCMS by SeaCMS
CVE-2025-25799

6MEDIUM

Key Information:

Vendor
SeaCMS
Status
SeaCMS
Vendor
CVE Published:
26 February 2025

Summary

An arbitrary file read vulnerability has been identified in SeaCMS version 13.3, specifically in the file_get_contents function located in admin_safe.php. This vulnerability allows unauthorized users to read sensitive files on the server, potentially leading to exposure of confidential data or configuration details. Website administrators are encouraged to review their SeaCMS installations and apply necessary mitigations to protect against unauthorized file access.

References

http://seacms.com
https://www.seacms.com/
https://github.com/Ka7arotto/Seacms/blob/main/Seacms13.3-...

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-25799 : Arbitrary File Read Vulnerability in SeaCMS by SeaCMS | SecurityVulnerability.io