CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-65602

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://gitee.com/chancms/ChanCMS
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link

Products affected by CVE-2025-65602

Chancms » Chancms » Version: 3.3.4

cpe:2.3:a:chancms:chancms:3.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-65602

Products

Pricing

Contact Us