How severe is CVE-2025-65602?

CVE-2025-65602 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2025-65602

Name: chancms
Author: chancms

9.8CRITICAL

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Publicado: 12/10/2025Actualizado: 12/18/2025

Descripción

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Análisis IAImpulsado por IA

Productos Afectados

chancmschancms

3.3.4

Referencias

https://gitee.com/chancms/ChanCMS
Product
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689
Permissions Required
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link
Permissions Required