CVE-2025-5381 – Yifang CMS Path Traversal Vulnerability

May 31, 2025

CVE ID : CVE-2025-5381

Published : May 31, 2025, 3:15 p.m. | 2 hours, 29 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5383 – Yifang CMS Article Management Module Cross-Site Scripting Vulnerability

Next Article CVE-2025-5380 – Ashinigit XueShengZhuSu Image File Upload Remote Path Traversal Vulnerability

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-5381 – Yifang CMS Path Traversal Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CVE-2025-30419 – NI Circuit Design Suite SymbolEditor Out-of-Bounds Read Vulnerability

CVE-2025-29627 – KeeperChat Biometric Authentication Module Privilege Escalation Vulnerability

Microsoft wants AI devs off the cloud – and on Windows with AI Foundry

CVE-2025-5539 – WordPress WP Easy Contact Stored Cross-Site Scripting

The Xbox app on Windows 11 gets a handy feature just in time for the Project Kennan handheld

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

CVE-2025-52811 – Creanncy Davenport Path Traversal PHP Local File Inclusion Vulnerability

Can LLMs Really Judge with Reasoning? Microsoft and Tsinghua Researchers Introduce Reward Reasoning Models to Dynamically Scale Test-Time Compute for Better Alignment

CVE-2025-5381 – Yifang CMS Path Traversal Vulnerability

Related Posts