CVE-2025-1743

MEDIUM EXPLOITED NUCLEI

zyx0814 Pichome 2.1.0 - Path Traversal

Title source: llm

Description

A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Nuclei Templates (1)

Pichome 2.1.0 - Arbitrary File Read

HIGHVERIFIEDby 3th1c_yuk1

Shodan: title:"PicHome"

FOFA: title="PicHome"

References (4)

[Issue Tracking] https://github.com/sheratan4/cve/issues/4

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.297831

[Permissions Required, VDB Entry] https://vuldb.com/?id.297831

[Permissions Required, VDB Entry] https://vuldb.com/?submit.502168

Scores

CVSS v3 5.3

EPSS 0.0914

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2026-02-02

CWE

CWE-22

Status published

Products (1)

zyx0814/Pichome 2.1.0

Published Feb 27, 2025

Tracked Since Feb 18, 2026