Improper Authorization in Juzaweb CMS 3.4.2 Affects Theme Installation
CVE-2025-6736

6.3 MEDIUM

Key Information:

Vendor: Juzaweb
CVE Published: 27 June 2025

What is CVE-2025-6736?

A vulnerability has been identified in Juzaweb CMS version 3.4.2, in the Add New Themes page at /admin-cp/theme/install. The page does not enforce authorization properly, and the flaw can be exploited remotely. As a result, unprivileged users can gain unauthorized access and upload malicious themes. The vendor has not responded to the disclosure or provided a mitigation, so organizations using this CMS need to take immediate action to secure their systems.

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
