CVE-2025-63678 | THREATINT

Description

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-10 | Updated 2025-11-12 | Assigner mitre

References

github.com/...rts/blob/main/CMSMS 2.2.22 _ Raport 092025.pdf

cve.org (CVE-2025-63678)

nvd.nist.gov (CVE-2025-63678)

Download JSON