CVE Catalog
CVE-2025-60729
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.29%
21th percentile - higher than 21% of all known CVEs
Summary
PerfreeBlog version 4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function. It allows an attacker to read arbitrary files on the server.
Risk Assessment
The risk involves potential leakage of sensitive data such as configuration files, passwords, or source code, which could lead to further attacks on the system.
Recommendation
It is recommended to immediately update PerfreeBlog to the latest version that fixes this vulnerability and restrict access to the application to trusted users only.
Original NVD description (English source)
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

