CVE-2025-2043
MEDIUM
pb-cms 1.0.0 - Deserialization of Untrusted Data via Topic Key
Title source: llm
Description
A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. This issue affects some unknown processing of the file /admin#themes of the component Add New Topic Handler. The manipulation of the argument Topic Key leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References (4)
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.298787
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.298787
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.513243
Broken Link exploit
https://github.com/Jingyi-u/Pb-cms2/blob/main/README.md
Scores
CVSS v3: 4.7
EPSS: 0.0046
EPSS Percentile: 36.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-20, CWE-502
Status: published
Products (1)
pb-cms_project/pb-cms 1.0.0
Published: Mar 06, 2025
Tracked Since: Feb 18, 2026