CVE-2025-41396

A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU93412964/	Third Party Advisory
https://www.powercms.jp/news/release-powercms-671-531-461.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:alfasado:powercms::::::::
	cpe:2.3:a:alfasado:powercms::::::::
	cpe:2.3:a:alfasado:powercms::::::::

History

06 Aug 2025, 16:51

Type	Values Removed	Values Added
References	~~() https://jvn.jp/en/vu/JVNVU93412964/ -~~	() https://jvn.jp/en/vu/JVNVU93412964/ - Third Party Advisory
References	~~() https://www.powercms.jp/news/release-powercms-671-531-461.html -~~	() https://www.powercms.jp/news/release-powercms-671-531-461.html - Vendor Advisory
First Time		Alfasado Alfasado powercms
CPE		cpe:2.3:a:alfasado:powercms::::::::

31 Jul 2025, 18:42

Type	Values Removed	Values Added
Summary		(es) Existe un problema de path traversal en la función de carga de archivos de varias versiones de PowerCMS. El usuario del producto podría sobrescribir archivos arbitrarios.

31 Jul 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 08:15

Updated : 2025-08-06 16:51

NVD link : CVE-2025-41396

Mitre link : CVE-2025-41396

CVE.ORG link : CVE-2025-41396

JSON object : View

Products Affected

alfasado

powercms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-41396", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T08:15:24.973", "references": [{"url": "https://jvn.jp/en/vu/JVNVU93412964/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.powercms.jp/news/release-powercms-671-531-461.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user."}, {"lang": "es", "value": "Existe un problema de path traversal en la funci\u00f3n de carga de archivos de varias versiones de PowerCMS. El usuario del producto podr\u00eda sobrescribir archivos arbitrarios."}], "lastModified": "2025-08-06T16:51:55.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39338A94-147E-4A9C-8869-664ADF23A861", "versionEndExcluding": "4.61", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69B89E7D-5961-4AB8-8E0A-7C3798A3E92B", "versionEndExcluding": "5.31", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:alfasado:powercms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78052EB4-43C6-49A0-82C7-107FCCAD13D0", "versionEndExcluding": "6.71", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}