CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.4%

CVSS Severity

CVSS v3 Score 7.2

References

https://github.com/kasiasok/raports/blob/main/CMSMS%202.2.22%20_%20Raport%20092025.pdf

Products affected by CVE-2025-63678

Cmsmadesimple » File Manager » Version: 2.2.22

cpe:2.3:a:cmsmadesimple:file_manager:2.2.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-63678

Products

Pricing

Contact Us