CVE-2025-2639

A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1

cpe:2.3:a:jizhicms:jizhicms:*:*:*:*:*:*:*:*

History

28 Mar 2025, 19:33

Type | Values Removed | Values Added
First Time | | Jizhicms jizhicms; Jizhicms
CPE | | cpe:2.3:a:jizhicms:jizhicms:*:*:*:*:*:*:*:*
CWE | | NVD-CWE-noinfo
Summary | | (es) A vulnerability has been detected in JIZHICMS up to version 1.7.0, classified as problematic. This vulnerability affects unknown code in the file /user/release.html of the Article Handler component. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been made public and may be used.
References | https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control3.md | https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control3.md - Exploit, Third Party Advisory
References | https://vuldb.com/?ctiid.300640 | https://vuldb.com/?ctiid.300640 - Permissions Required, VDB Entry
References | https://vuldb.com/?id.300640 | https://vuldb.com/?id.300640 - Permissions Required, VDB Entry
References | https://vuldb.com/?submit.519634 | https://vuldb.com/?submit.519634 - Third Party Advisory, VDB Entry

24 Mar 2025, 15:15

Type | Values Removed | Values Added
References | https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control3.md | https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control3.md

23 Mar 2025, 03:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-03-23 03:15

Updated : 2025-03-28 19:33


NVD link : CVE-2025-2639

Mitre link : CVE-2025-2639

CVE.ORG link : CVE-2025-2639



Products Affected

jizhicms

  • jizhicms
CWE
CWE-266

Incorrect Privilege Assignment

CWE-285

Improper Authorization

NVD-CWE-noinfo