Unrestricted File Upload in PowerCMS Affects Multiple Versions
CVE-2025-54757

5.1MEDIUM

Key Information:

Vendor: Alfasado Inc.
Status: Powercms
Vendor: CVE Published:; 31 July 2025

🔔 Create Alfasado Inc. Vulnerability Alert

What is CVE-2025-54757?

Multiple versions of PowerCMS are affected by a vulnerability that allows the unrestricted upload of dangerous files. This can lead to serious security risks, including the potential execution of arbitrary scripts on the browser if a product administrator unknowingly accesses a malicious file uploaded by a user. It is crucial for administrators to implement mitigation strategies and ensure their installations are updated to prevent exploitation.

Affected Version(s)

PowerCMS 6.7 and earlier (PowerCMS 6.x series)

PowerCMS 5.3 and earlier (PowerCMS 5.x series)

PowerCMS 4.6 and earlier (PowerCMS 4.x series)

References

https://www.powercms.jp/news/release-powercms-671-531-461...

https://jvn.jp/en/vu/JVNVU93412964/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2025
Vulnerability Reserved
Jul 30, 2025