CVE-2025-46080

MEDIUM

Huocms - Unrestricted File Upload

Title source: rule

Description

HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.

Exploits (1)

nomisec WORKING POC

by yggcwhat · poc

https://github.com/yggcwhat/CVE-2025-46080

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/yggcwhat/CVE-2025-46080/

[Exploit, Third Party Advisory] https://github.com/yggcwhat/test2/blob/main/README.md

Scores

CVSS v3 5.3

EPSS 0.0028

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

huocms/huocms 3.5.1

Published May 29, 2025

Tracked Since Feb 18, 2026