OS Command Injection Vulnerability in PublicCMS by Sanluan
CVE-2025-57516

Currently unrated

Key Information:

Vendor: Sanluan
Status: PublicCMS
Vendor: CVE Published:; 29 September 2025

What is CVE-2025-57516?

An OS Command injection vulnerability exists in PublicCMS versions V5.202506.a and V5.202506.b. Attackers can exploit this weakness to execute arbitrary commands by manipulating the DATABASE, USERNAME, or PASSWORD variables routed to the backupDB.bat file. This vulnerability poses a significant risk as it allows unauthorized command execution on the server, potentially leading to data compromise and system disruption.

References

https://github.com/sanluan/PublicCMS/issues/97

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Aug 17, 2025

JSON