ChanCMS CVE-2025-11905

LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2025-10-17 cna@vuldb.com
2.1 (CVSS 4.0 · NVD)

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 29, 2026 - 02:18 (vuln.today)

Description (CVE.org)

A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Code injection in ChanCMS up to version 3.3.2 via the getArticle function in app/modules/cms/controller/gather.js allows authenticated remote attackers to inject and execute arbitrary code with low impact on confidentiality, integrity, and availability. The exploit is publicly available on GitHub but exploitation probability remains low (EPSS 0.04%) due to authentication requirements and limited impact scope. The vendor did not respond to early disclosure notification.

Technical Context (AI)

The vulnerability resides in the getArticle function of the ChanCMS gather module controller (CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). The root cause is insufficient input sanitization or validation when processing article-related parameters, allowing attackers to inject malicious code into the application logic. ChanCMS is a Node.js-based content management system; the gather.js module appears to handle content aggregation or retrieval operations. The injection occurs where user-supplied input reaches a code-execution context without proper filtering.

Remediation (AI)

Immediate action: Upgrade ChanCMS to a version beyond 3.3.2 if available from the vendor. However, as the vendor did not respond to early disclosure notification, patched releases may not be available.

If upgrade is not possible, implement the following compensating controls: restrict access to the gather.js endpoint to trusted internal users only via network access controls or authentication policy enforcement, disable the gather/article retrieval functionality if not actively used in production, implement input validation and output encoding on all parameters passed to the getArticle function, and apply Web Application Firewall (WAF) rules to detect and block code injection patterns in request payloads targeting the gather endpoint.

Monitor application logs for suspicious requests to the gather module for early detection of exploitation attempts. Contact the ChanCMS maintainer or community for security updates or patches; if unresponsive, consider migrating to a maintained alternative CMS.