CVE-2025-5552

MEDIUM

ChestnutCMS <15.1 - Deserialization

Title source: llm

Description

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

References (4)

[Exploit, Issue Tracking] https://github.com/byxs0x0/cve/issues/7

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.311002

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.311002

[Exploit, Third Party Advisory, VDB Entry] https://vuldb.com/?submit.587199

Scores

CVSS v3 6.3

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (1)

1000mz/chestnutcms

Timeline

Published Jun 04, 2025

Tracked Since Feb 18, 2026