CVE-2025-4329 - Vulnerability Details

A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://github.com/Q16G/cve_detail/blob/main/74cms/fileRead.md
https://vuldb.com/?ctiid.307430
https://vuldb.com/?id.307430
https://vuldb.com/?submit.564318

History

Tue, 06 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 06 May 2025 07:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title		74CMS index path traversal
Weaknesses		CWE-22
References		https://github.com/Q16G/cve_detail/blob/main/74cms/fileRead.md https://vuldb.com/?ctiid.307430 https://vuldb.com/?id.307430 https://vuldb.com/?submit.564318
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-05-06T07:00:08.731Z

Updated: 2025-05-06T14:11:17.184Z

Reserved: 2025-05-05T15:04:29.266Z

Link: CVE-2025-4329

Vulnrichment

Updated: 2025-05-06T14:11:06.247Z

NVD

Status : Awaiting Analysis

Published: 2025-05-06T07:15:49.013

Modified: 2025-05-07T14:13:35.980

Link: CVE-2025-4329

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object