How severe is CVE-2025-65602?

CVE-2025-65602 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-65602

Name: chancms
Author: chancms

9.8CRITICAL

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Published: 12/10/2025Updated: 12/18/2025

Description

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

AI AnalysisPowered by AI

Affected Products

chancmschancms

3.3.4

References

https://gitee.com/chancms/ChanCMS
Product
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689
Permissions Required
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link
Permissions Required