CVE Catalog

CVE-2025-60838

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code by uploading a crafted file.

Risk Assessment

The risk involves potential server compromise, leading to data theft, content modification, or full system takeover by an attacker.

Recommendation

Immediately update MCMS to the latest version that fixes this vulnerability. In the meantime, restrict file upload functionality to trusted users only.

Original NVD description (English source)

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS