CVE-2025-45242
HIGH
Rhymix v2.1.22 - Arbitrary File Deletion via procFileAdminEditImage Method
Title source: llmDescription
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
References (3)
Core References
Broken Link
http://rhymix.com
Third Party Advisory
https://gist.github.com/chao112122/536a55fece5f578b90cee2c841eecdce
Product
https://github.com/rhymix/rhymix
Scores
CVSS v3
7.7
EPSS
0.0035
EPSS Percentile
26.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-922
Status
published
Products (1)
rhymix/rhymix
2.1.22
Published
May 05, 2025
Tracked Since
Feb 18, 2026