CVE-2022-25581

HIGH

classcms < 2.5 - Arbitrary File Upload and Remote Code Execution via Crafted .txt File


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-25581. PoCs published by wooluo.

AI-analyzed exploit summary: This is a Python exploit for CVE-2022-25581, targeting ClassCMS 2.4. It automates login, CSRF token extraction, malicious ZIP upload via SSRF, and webshell access.

Description

Classcms v2.5 and below contain an arbitrary file upload vulnerability in the component \class\classupload. It allows attackers to achieve code injection via a crafted .txt file.

Exploits (1)

nomisec · Working PoC
by wooluo · poc
https://github.com/wooluo/CVE-2022-25581

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: ClassCMS 2.4
Auth required: yes
Prerequisites: known admin credentials · accessible attacker-controlled HTTP server · target running ClassCMS 2.4 with PHP 5.5+
Analyzed by devstral-2 on Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/k0xx11/Vulscve/blob/master/classcms2.5-rce.md

Scores

CVSS v3: 7.8
EPSS: 0.0110
EPSS Percentile: 61.6%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): classcms/classcms < 2.5
Published: Mar 18, 2022
Tracked Since: Feb 18, 2026