CVE-2025-8227

216.73.216.6

· Published 27/07/2025 09:15 · Modified 28/07/2025 15:15

Labels: CVE-2025-8227 2025-07-27 CVE-2025-8227 CWE-20 [email protected]

Essential information

Published: 27/07/2025 09:15
Modified: 28/07/2025 15:15
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
yanyutao0402 / chancms	`cpe:2.3:a:yanyutao0402:chancms::::::::`
yanyutao0402 / chancms	`cpe:2.3:a:yanyutao0402:chancms:<3.1.3:::::::*`