Insecure Permissions in SparkShop by Vendor Name
CVE-2025-50722

9.8CRITICAL

Key Information:

Vendor: Vendor Name
Status: SparkShop
Vendor: CVE Published:; 25 August 2025

🔔 Create Vendor Name Vulnerability Alert

What is CVE-2025-50722?

The insecure permissions vulnerability in SparkShop v1.1.7 allows remote attackers to leverage the Common.php component to execute arbitrary code. This vulnerability poses a significant risk as it can be exploited to compromise the integrity and confidentiality of the affected system. It is crucial for users of SparkShop to review their configurations and implement necessary security measures to safeguard against potential exploitation.

References

https://github.com/147536951/Qiany1/blob/main/SparkShop.pdf

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Jun 16, 2025