Vulnerability Details CVE-2025-60449
An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also potentially any file accessible on the server’s root directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.7%
CVSS Severity
CVSS v3 Score 4.9