ByteOS Network

Vulnerability Details :

CVE-2025-8132

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-25 Jul, 2025 | 05:02

Updated At-25 Jul, 2025 | 11:51

yanyutao0402 ChanCMS utils.js delfile path traversal

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The name of the patch is c8a282bf02a62b59ec60b4699e91c51aff2ee9cd. It is recommended to upgrade the affected component.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulDB

Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5

Published At:25 Jul, 2025 | 05:02

Updated At:25 Jul, 2025 | 11:51

▼CVE Numbering Authority (CNA)

yanyutao0402 ChanCMS utils.js delfile path traversal

Affected Products

Vendor

yanyutao0402

Product

ChanCMS

Versions

Affected

3.1.0
3.1.1
3.1.2

Unaffected

3.1.3

Problem Types

Type	CWE ID	Description
CWE	CWE-22	Path Traversal

Type: CWE

CWE ID: CWE-22

Description: Path Traversal

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
3.0	5.4	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C
2.0	5.5	N/A	AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 5.5

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C

Credits

reporter

ZAST.AI (VulDB User)

Timeline

Event	Date
Advisory disclosed	2025-07-24 00:00:00
VulDB entry created	2025-07-24 02:00:00
VulDB entry last update	2025-07-24 17:49:10

Event: Advisory disclosed

Date: 2025-07-24 00:00:00

Event: VulDB entry created

Date: 2025-07-24 02:00:00

Event: VulDB entry last update

Date: 2025-07-24 17:49:10

References

Hyperlink	Resource
https://vuldb.com/?id.317528	vdb-entry technical-description
https://vuldb.com/?ctiid.317528	signature permissions-required
https://vuldb.com/?submit.619776	third-party-advisory
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8	exploit issue-tracking
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link	issue-tracking
https://gitee.com/yanyutao0402/ChanCMS/commit/c8a282bf02a62b59ec60b4699e91c51aff2ee9cd	patch
https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3	patch

Hyperlink: https://vuldb.com/?id.317528

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.317528

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.619776

Resource:

third-party-advisory

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8

Resource:

exploit

issue-tracking

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link

Resource:

issue-tracking

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/commit/c8a282bf02a62b59ec60b4699e91c51aff2ee9cd

Resource:

patch

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3

Resource:

patch

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8	exploit
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link	exploit

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8

Resource:

exploit

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cna@vuldb.com

Published At:25 Jul, 2025 | 05:15

Updated At:25 Jul, 2025 | 15:29

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Secondary	2.0	5.5	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:P

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Type: Secondary

Version: 2.0

Base score: 5.5

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:P

Weaknesses

CWE ID	Type	Source
CWE-22	Secondary	cna@vuldb.com

CWE ID: CWE-22

Type: Secondary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://gitee.com/yanyutao0402/ChanCMS/commit/c8a282bf02a62b59ec60b4699e91c51aff2ee9cd	cna@vuldb.com	N/A
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8	cna@vuldb.com	N/A
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link	cna@vuldb.com	N/A
https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3	cna@vuldb.com	N/A
https://vuldb.com/?ctiid.317528	cna@vuldb.com	N/A
https://vuldb.com/?id.317528	cna@vuldb.com	N/A
https://vuldb.com/?submit.619776	cna@vuldb.com	N/A
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/commit/c8a282bf02a62b59ec60b4699e91c51aff2ee9cd

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?ctiid.317528

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?id.317528

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://vuldb.com/?submit.619776

Source: cna@vuldb.com

Resource: N/A

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

Hyperlink: https://gitee.com/yanyutao0402/ChanCMS/issues/ICLOT8#note_43945209_link

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

CVE-2025-8132

Credits

yanyutao0402 ChanCMS utils.js delfile path traversal

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs