CVE-2025-1556

MEDIUM

Westboy Cicadascms - Insecure Deserialization

Title source: rule

Description

A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

References (4)

[Exploit, Third Party Advisory] https://github.com/FightingLzn9/vul/blob/main/CicadasCMS(2).md

View Exploit ZIP pw:eip

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.296507

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.296507

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.499520

Scores

CVSS v3 4.7

EPSS 0.0027

EPSS Percentile 50.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (1)

westboy/cicadascms

Timeline

Published Feb 22, 2025

Tracked Since Feb 18, 2026