CVE Catalog
CVE-2025-25784
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk0.84%
53th percentile - higher than 53% of all known CVEs
Summary
An arbitrary file upload vulnerability in Jizhicms v2.5.4 component TemplateController.php allows attackers to execute arbitrary code by uploading a crafted ZIP file.
Risk Assessment
The risk includes full server compromise, data theft, and potential lateral movement within the internal network.
Recommendation
Immediately update Jizhicms to the latest version and implement file type validation and ZIP upload restrictions.
Original NVD description (English source)
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.

