CVE-2025-5381 – Yifang CMS Path Traversal Vulnerability

May 31, 2025

CVE ID : CVE-2025-5381

Published : May 31, 2025, 3:15 p.m. | 2 hours, 29 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5383 – Yifang CMS Article Management Module Cross-Site Scripting Vulnerability

Next Article CVE-2025-5380 – Ashinigit XueShengZhuSu Image File Upload Remote Path Traversal Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-5381 – Yifang CMS Path Traversal Vulnerability

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)

SystemdGenie is a systemd management utility

Neural Concept raises $27M for ML-powered 3D product design software

Kingdom Come: Deliverance 2 reviews and Metacritic scores are in — Here’s what everyone’s saying about the medieval RPG

Last Week in AI #272: Google’s AI search blunders, Unveiling AI’s ‘Black Box’, Scarlett Johansson vs OpenAI’s, and more!

How to Deploy Your FastAPI + PostgreSQL App on Render: A Beginner’s Guide

Meta wants AI to automate every step of the ad production process – report

Hypernetworks for Personalizing ASR to Atypical Speech

Navigating Service Management on Debian

CVE-2025-5381 – Yifang CMS Path Traversal Vulnerability

Related Posts