CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-25224

The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.4%

CVSS Severity

CVSS v3 Score 5.3

References

https://jvn.jp/en/jp/JVN26024080/
https://www.luxsoft.eu/?download
https://www.luxsoft.eu/lcforum/viewtopic.php?pid=1984#p1984

Products affected by CVE-2025-25224

Luxsoft » Luxcal Web Calendar » Version: 5.2.4l

cpe:2.3:a:luxsoft:luxcal_web_calendar:5.2.4l
Luxsoft » Luxcal Web Calendar » Version: 5.2.4m

cpe:2.3:a:luxsoft:luxcal_web_calendar:5.2.4m

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-25224

Products

Pricing

Contact Us