Insecure Deserialization Vulnerability in e107 CMS by e107 Inc.
CVE-2025-61505
6.5 MEDIUM
What is CVE-2025-61505?
e107 CMS versions up to 2.3.3 contain an insecure deserialization vulnerability in the install.php script. The script passes the previous_steps POST parameter through unserialize(base64_decode()), so an attacker can inject malicious serialized data, leading to remote code execution, arbitrary file operations, or potential denial of service. The extent of the threat depends on which exploitable PHP object gadgets are present in the environment.
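
A detection-side check for the pattern described above, as an added example that is not part of the original advisory or of e107's code: it decodes previous_steps from a urlencoded POST body the way PHP would and reports whether the decoded value carries a serialized object token. The function names and both sample bodies are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlencode

# serialize() writes objects as O:<len>:"Class":... and Serializable
# classes as C:<len>:"Class":...; arrays and scalars use a:, s:, i:, b:, d:, N.
# An optional sign before the length is tolerated so it is not missed.
OBJECT_TOKEN = re.compile(rb'(?:^|[;{}])[OC]:[+]?\d+:"')


def classify_previous_steps(post_body: str) -> str:
    """Classify a urlencoded POST body: absent, undecodable, object or plain."""
    values = parse_qs(post_body, keep_blank_values=True).get("previous_steps")
    if not values:
        return "absent"
    # PHP keeps the last occurrence of a repeated field name, and its
    # non-strict base64_decode() skips characters outside the alphabet.
    clean = re.sub(r"[^A-Za-z0-9+/]", "", values[-1])
    try:
        raw = base64.b64decode(clean + "=" * (-len(clean) % 4))
    except binascii.Error:
        return "undecodable"
    return "object" if OBJECT_TOKEN.search(raw) else "plain"


def sample_body(serialized: bytes) -> str:
    """Build a constructed request body carrying one serialized value."""
    return urlencode({"previous_steps": base64.b64encode(serialized).decode()})


# Constructed samples: an array of strings, and an array holding a stdClass.
PLAIN = sample_body(b'a:1:{s:8:"language";s:7:"English";}')
WITH_OBJECT = sample_body(b'a:1:{i:0;O:8:"stdClass":0:{}}')

if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("object", WITH_OBJECT)):
        print(name, "->", classify_previous_steps(body))
```

A string value that happens to contain the same byte pattern will also be reported as "object", so treat the result as a triage signal for requests to install.php rather than proof of exploitation.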

CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
