Sanluan PublicCMS CVE-2025-7953
Severity (by source): LOW
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; the only source for this CVE.
Description (CVE.org)
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue.
Analysis (AI)
An open redirect in Sanluan PublicCMS up to version 5.202506.a allows an authenticated remote attacker to redirect users to arbitrary URLs by manipulating the File parameter of the bundled PDF.js viewer; user interaction is required to trigger the redirect. Exploit code is publicly available and the affected file is the PDF viewer resource, but real-world impact is limited by the need for prior authentication and a user click.
Technical Context (AI)
The vulnerability exists in the PDF.js viewer component located at publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. PDF.js is a widely used JavaScript PDF rendering library; the vulnerability stems from insufficient validation of the File parameter, which lets an attacker craft URLs that pass the viewer's URL validation checks. It is classified as CWE-601 (URL Redirection to Untrusted Site), a common weakness in web applications where user-supplied input is used to build a redirect target without proper validation. Affected PublicCMS versions run through 5.202506.a; the product is identified by the CPE cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*.
Remediation (AI)
Apply the vendor-released patch by upgrading to a version that contains commit f1af17af004ca9345c6fe4d5936d87d008d26e75 or later. The patched version is available from the official Sanluan PublicCMS GitHub repository at https://github.com/sanluan/PublicCMS/commit/f1af17af004ca9345c6fe4d5936d87d008d26e75. If immediate patching is not feasible, a temporary compensating control is to restrict the publiccms/resource/plugins/pdfjs/viewer.html endpoint to trusted internal users through network-level access controls, accepting that this may break legitimate PDF viewing. Additionally, deploy Content Security Policy (CSP) headers to restrict redirect targets, and validate every user-supplied URL parameter before it is used.
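The last recommendation, validating a user-supplied URL parameter before use, is the generic fix for CWE-601. The following is an added example written for this page, not code from PublicCMS, PDF.js or the referenced patch: it validates a viewer's `file` query parameter against the viewer's own origin and a fixed document directory before anything is fetched or navigated to. The viewer origin, the `/files/` directory and the sample inputs are constructed assumptions, and the check resolves the parameter with the WHATWG URL parser the same way a browser would, so protocol-relative, backslash-prefixed and non-http(s) values are rejected rather than pattern-matched.

```javascript
// Added example (not PublicCMS or PDF.js code): allowlist validation for the
// `file` query parameter of a PDF viewer page. Returns the normalized absolute
// URL as a string, or null when the value must be rejected.
function validatePdfFileParam(fileParam, viewerOrigin) {
  if (typeof fileParam !== "string" || fileParam.length === 0) return null;

  // Reject control characters and backslashes up front: browsers treat "\"
  // as "/" in special schemes, so a leading "\\host" would resolve like "//host".
  if (/[\u0000-\u001f\\]/.test(fileParam)) return null;

  let resolved;
  try {
    // Resolve relative to the viewer's own origin, exactly as the browser would
    // when it later fetches or navigates to the value.
    resolved = new URL(fileParam, viewerOrigin);
  } catch (e) {
    return null; // unparsable input
  }

  // Only http(s) documents; this drops javascript:, data:, blob:, file:, etc.
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") return null;

  // Same-origin only. Protocol-relative values ("//other-host/x.pdf") and
  // absolute cross-origin URLs parse fine but fail here, which is the check
  // that closes the open redirect.
  if (resolved.origin !== new URL(viewerOrigin).origin) return null;

  // Secondary path pin (assumed directory): the URL parser has already
  // collapsed ".." segments, so "/files/../admin" arrives as "/admin".
  if (!resolved.pathname.startsWith("/files/")) return null;

  return resolved.href;
}

// Pull `file` out of a full viewer URL and validate it against that page's origin.
function fileFromViewerUrl(viewerUrl) {
  const u = new URL(viewerUrl);
  return validatePdfFileParam(u.searchParams.get("file"), u.origin);
}

// Constructed sample inputs on a hypothetical host; the first and last are
// the only ones that should be accepted.
const VIEWER_ORIGIN = "https://cms.example.test";
const SAMPLES = [
  "/files/report.pdf",
  "//other-host.example/x.pdf",
  "https://other-host.example/x.pdf",
  "javascript:void(0)",
  "\\\\other-host.example/x.pdf",
  "/files/../admin/x.pdf",
  "https://cms.example.test/files/a.pdf",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "=>", validatePdfFileParam(s, VIEWER_ORIGIN));
}
```

The same check belongs on the server side as well: if the CMS serves the PDF through its own handler, that handler should decode and re-validate the path rather than trust the client-side result.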