CVE Catalog
CVE-2025-60838
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.24%
15th percentile - higher than 15% of all known CVEs
Summary
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code by uploading a crafted file.
Risk Assessment
The risk involves potential server compromise, leading to data theft, content modification, or full system takeover by an attacker.
Recommendation
Immediately update MCMS to the latest version that fixes this vulnerability. In the meantime, restrict file upload functionality to trusted users only.
Original NVD description (English source)
An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.

