CVE-2025-28099
MEDIUMopencms V2.3 - Path Traversal and Arbitrary File Read in dataPage.jsp
Title source: llmDescription
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/kaoniniang2/e159346725f50d6c44c82214970f02b8
Exploit, Issue Tracking
https://gitee.com/fumiao/opencms/issues/IBLJLM
Scores
CVSS v3
4.3
EPSS
0.0031
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
fumiao/opencms
2.3
Published
Apr 21, 2025
Tracked Since
Feb 18, 2026