CVE-2025-1113

MEDIUM

Taisan Tarzan-cms - Insecure Deserialization

Title source: rule

Description

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 49 stars

by taisan · javawriteup

https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J

References (3)

[Exploit, Issue Tracking] https://gitee.com/taisan/tarzan-cms/issues/IBHZ0J

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.295019

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.295019

Scores

CVSS v3 6.3

EPSS 0.0013

EPSS Percentile 32.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (1)

taisan/tarzan-cms

Timeline

Published Feb 07, 2025

Tracked Since Feb 18, 2026