Sanluan PublicCMS CVE-2025-7949
Low severity (by source)
CVSS Vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; only source for this CVE.
Description (CVE.org)
A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.
Analysis (AI)
Open redirect vulnerability in Sanluan PublicCMS up to version 5.202506.a allows authenticated remote attackers with low privileges to redirect users to arbitrary external URLs via manipulation of the url parameter in the admin preview functionality. The vulnerability requires user interaction (clicking a malicious link) and impacts integrity but not confidentiality or availability. Publicly available exploit code exists, and vendor patches are available.
Technical Context (AI)
The vulnerability exists in the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html, a server-side template that processes user-supplied URL parameters without proper validation. This is a classic open redirect vulnerability (CWE-601) where attacker-controlled input flows directly into a redirect operation without verification that the destination is within the application's trusted domain. The affected component is part of the admin content management interface, indicating the vulnerability requires authenticated access to the admin panel. The CVSS vector (AV:N/AC:L) indicates network-based exploitation with low complexity, but the PR:L and UI:P constraints mean an authenticated user with low privileges must be involved and a targeted user must click a malicious link.
Remediation (AI)
Apply the vendor-released patch from GitHub commit c1e79f124e3f4c458315d908ed7dee06f9f12a76 (or the follow-up commit f1af17af004ca9345c6fe4d5936d87d008d26e75) to remediate the open redirect. Review the patch in the PublicCMS repository at https://github.com/sanluan/PublicCMS/commit/c1e79f124e3f4c458315d908ed7dee06f9f12a76 to understand the fix implementation. As a compensating control prior to patching, restrict admin panel access via IP allowlist or VPN, reducing the attack surface to authenticated administrators on trusted networks. Additionally, implement Content Security Policy (CSP) headers with default-src 'self' to limit redirect scope and educate administrative users to verify URLs before clicking links in CMS preview contexts. These controls do not eliminate the vulnerability but significantly reduce exploitation probability.
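The Technical Context section above describes the defect as attacker-controlled input flowing into a redirect without a check that the destination stays within the trusted domain. The following is an added example of what that check looks like when it lives server-side, at the point where the redirect is issued; it is illustrative code written for this page, not PublicCMS code and not the content of the referenced patch. The allowed host name cms.example.test, the fallback path /admin/ and the sample inputs are constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts a preview redirect may target (constructed for this example).
ALLOWED_HOSTS = frozenset({"cms.example.test"})
# Where to send the user when the supplied target is rejected.
DEFAULT_TARGET = "/admin/"


def resolve_redirect_target(url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a redirect target that stays on an allowed host, else `default`.

    Accepts site-relative paths ("/admin/...") and http(s) URLs whose host is
    in `allowed_hosts`. Everything else (other hosts, protocol-relative URLs,
    non-http schemes, embedded credentials, control characters) is rejected.
    """
    if not isinstance(url, str):
        return default
    candidate = url.strip()
    if not candidate:
        return default

    # Whitespace and control characters anywhere in the value are rejected:
    # CR/LF enable header injection and browsers strip some of them silently.
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default

    # Browsers treat backslashes like forward slashes, so "/\evil.test" is a
    # protocol-relative URL in practice. Normalise before parsing.
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme:
        # Absolute URL: only http(s), only to an allowed host, no userinfo.
        if parts.scheme.lower() not in ("http", "https"):
            return default
        if parts.hostname is None or parts.hostname not in allowed_hosts:
            return default
        if parts.username or parts.password:
            return default
        return urlunsplit(parts)

    # No scheme: a protocol-relative "//host/..." would still leave the site.
    if parts.netloc or candidate.startswith("//"):
        return default
    # Require an absolute, site-relative path; bare "foo/bar" is rejected
    # rather than guessed at (conservative policy, an assumption of this example).
    if not candidate.startswith("/"):
        return default
    return candidate


def check_samples():
    """Run a few constructed inputs through the validator; used by the demo."""
    samples = {
        "/admin/cmsDiy/list": "/admin/cmsDiy/list",
        "https://cms.example.test/admin/": "https://cms.example.test/admin/",
        "//evil.test/": DEFAULT_TARGET,
        "/\\evil.test/": DEFAULT_TARGET,
        "javascript:alert(1)": DEFAULT_TARGET,
        "https://evil.test/": DEFAULT_TARGET,
        "http://cms.example.test@evil.test/": DEFAULT_TARGET,
        "/admin\r\nX-Injected: 1": DEFAULT_TARGET,
    }
    return {url: resolve_redirect_target(url) == expected for url, expected in samples.items()}


if __name__ == "__main__":
    for url, ok in check_samples().items():
        print(f"{'ok ' if ok else 'BAD'} {url!r} -> {resolve_redirect_target(url)!r}")
```

The design choice is allowlisting rather than blocklisting: the function decides what a legitimate target looks like (a site-relative path or an absolute URL on a known host) and sends everything else to a fixed fallback. A blocklist of known-bad prefixes tends to miss the parser quirks handled here (backslashes, protocol-relative forms, credentials in the authority).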