CVE-2025-29306

Published Mar 27, 2025

Last updated 17 days ago

FoxCMS

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-29306 is a vulnerability found in FoxCMS version 1.2.5. It allows a remote attacker to execute arbitrary code through the "case display page" located in the `index.html` component. Specifically, the vulnerability resides within the FoxCMS software. An unauthenticated, remote attacker can exploit this vulnerability to inject and execute arbitrary code on the system by accessing the case display page.

Description: An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
Source: cve@mitre.org
NVD status: Undergoing Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-94

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 10

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxcms:foxcms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EB18EC9-B9F3-4B18-BF1C-D09B20463740",
            "versionEndExcluding": "1.2.00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]