Server-Side Request Forgery in PbootCMS Image Handler Component
CVE-2025-3787

6.5MEDIUM

Key Information:

Vendor: PbootCMS
Status: PbootCMS
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-3787?

A serious vulnerability exists in PbootCMS version 3.2.5, specifically within an unknown function of the Image Handler component. This security flaw allows for server-side request forgery, enabling malicious actors to exploit the platform remotely. With the potential for unauthorized access to sensitive internal resources, this vulnerability poses a significant risk to affected installations. Users are strongly advised to take immediate action to safeguard their systems and review security measures.

References

https://github.com/KKDT12138/CVE/blob/main/cve6.pdf

https://vuldb.com/?ctiid.305610

https://vuldb.com/?id.305610

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025

CVE-2025-3787 Data

JSON