CVE-2025-3855 – CodeCanyon RISE Ultimate Project Manager File Inclusion Vulnerability

April 21, 2025

CVE ID : CVE-2025-3855

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3850 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Authentication Bypass Vulnerability

Next Article CVE-2024-58250 – ppp Passprompt Privilege Escalation Vulnerability

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-3855 – CodeCanyon RISE Ultimate Project Manager File Inclusion Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

Google Pixel 8a vs. Pixel 9a: Which Budget Pixel Should You Buy?

CVE-2025-55194 – Part-DB Persistent File Extension Denial of Service

CVE-2025-47226 – Grokability Snipe-IT Authorization Bypass

CVE-2025-5739 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

Apple’s AI Race: Is the Tech Giant Falling Behind?

CVE-2025-20987 – Samsung Galaxy Fingerprint Vulnerability – Authentication Bypass

How to Fix Windows Update Error 0xXXXXXXXXX on Windows PC (Step-by-Step Guide)

CVE-2025-5078 – Campcodes Online Shopping Portal SQL Injection

CVE-2025-3855 – CodeCanyon RISE Ultimate Project Manager File Inclusion Vulnerability

Related Posts