Open Redirect Vulnerability in Sanluan PublicCMS Affects Multiple Versions
CVE-2025-7953

5.1MEDIUM

Key Information:

Vendor

Sanluan

Status
Publiccms
Vendor
CVE Published:
22 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7953?

An open redirect vulnerability has been identified in Sanluan PublicCMS, specifically affecting the viewer.html file within certain versions. This flaw allows attackers to manipulate the File argument, leading to potential redirection to malicious sites. The issue can be exploited remotely, posing risks to users and their data. A patch has been released (commit f1af17af004ca9345c6fe4d5936d87d008d26e75) to address this vulnerability, and users are strongly encouraged to apply it promptly to mitigate the risks.

Affected Version(s)

PublicCMS 5.202506.a

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7953 - Proof of Concept

References

https://vuldb.com/?id.317099
vdb-entrytechnical-description
https://vuldb.com/?ctiid.317099
signaturepermissions-required
https://vuldb.com/?submit.619279
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
.