CVE-2025-3977

MEDIUM

iteachyou Dreamer CMS <4.1.3 - Info Disclosure

Title source: llm

Description

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

References (4)

Scores

CVSS v3 4.3
EPSS 0.0014
EPSS Percentile 33.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-266 CWE-862 CWE-285
Status published
Products (1)
iteachyou/dreamer_cms < 4.1.3
Published Apr 27, 2025
Tracked Since Feb 18, 2026