Arbitrary File Deletion Vulnerability in PerfreeBlog by Perfree
CVE-2025-60730

7.6HIGH

Key Information:

Vendor: Perfree
Status: PerfreeBlog
Vendor: CVE Published:; 24 October 2025

What is CVE-2025-60730?

PerfreeBlog version 4.0.11 contains a serious security flaw that enables arbitrary file deletion through its unInstallTheme function. This vulnerability can be exploited by attackers to remove sensitive files from the server, potentially compromising the integrity of the web application and affecting users' data security. It is critical for users of PerfreeBlog to apply the latest updates and monitor their systems for any unauthorized access or file deletion attempts. For more information and guidance, visit the official Perfree support and documentation pages.

References

http://perfreeblog.com

https://perfree.org.cn/

https://github.com/dengxmenglihua/cve/blob/main/PerfreeBl...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60730 Data

JSON