CVE-2025-5137 – DedeCMS Distant Code Injection Vulnerability

May 24, 2025

CVE ID : CVE-2025-5137

Published : May 25, 2025, 12:15 a.m. | 39 minutes ago

Description : A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleOpen-Typer is a typing tutor application

Next Article CVE-2025-5136 – Tmall Payment Identifier Handler Insecure Randomness Remote Vulnerability

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

Grab these 7 Xbox games all under $40 — you don’t have long before Amazon Prime Day ends, so act fast

After 24 hours with Samsung’s Galaxy Z Flip 7, one big thing stands out

The details of TC39’s last meeting

The details of TC39’s last meeting

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

Grab these 7 Xbox games all under $40 — you don’t have long before Amazon Prime Day ends, so act fast

CVE-2025-5137 – DedeCMS Distant Code Injection Vulnerability

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Ninja Gaiden 4 is bloody, stylish, and pure fun — I cannot wait for the full release of this Xbox, Team Ninja, and PlatinumGames team-up

Mapping the misuse of generative AI

How to prevent your streaming device from tracking your viewing habits (and why it makes a difference)

CVE-2025-36582 – Dell NetWorker SSL/TLS Algorithm Downgrade Information Disclosure

CVE-2025-4491 – Campcodes Online Food Ordering System SQL Injection Vulnerability

CVE-2025-45859 – TOTOLINK A3002R Buffer Overflow

CVE-2025-48877 – Discourse Codepen Unintended JS Execution Vulnerability

Windows 11 update KB5060829 triggering misleading firewall error

CVE-2025-5137 – DedeCMS Distant Code Injection Vulnerability

Related Posts