CVE-2025-1743
MEDIUM EXPLOITED NUCLEIzyx0814 Pichome 2.1.0 - Path Traversal
Title source: llmExploitation Summary
CVE-2025-1743 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Nuclei Templates (1)
Pichome 2.1.0 - Arbitrary File Read
HIGHVERIFIEDby 3th1c_yuk1
Shodan:
title:"PicHome"
FOFA:
title="PicHome"
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.297831
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.297831
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.502168
Issue Tracking exploit
issue-tracking
https://github.com/sheratan4/cve/issues/4
Scores
CVSS v3
5.3
EPSS
0.0155
EPSS Percentile
71.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2026-02-02
CWE
CWE-22
Status
published
Products (1)
zyx0814/Pichome
2.1.0
Published
Feb 27, 2025
Tracked Since
Feb 18, 2026