CVE-2025-29287 | THREATINT

Description

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-21 | Updated 2025-04-21 | Assigner mitre

References

gitee.com/mingSoft/MCMS/issues/IBOOTX exploit

cms.com

gitee.com/mingSoft/MCMS/issues/IBOOTX

gist.github.com/erdan111/38dcb5150b523436fe01249b2542f02f

cve.org (CVE-2025-29287)

nvd.nist.gov (CVE-2025-29287)

Download JSON