CVE-2025-65657
MEDIUM
FeehiCMS 2.1.1 - Authenticated Remote Code Execution via Unrestricted File Upload in Ad Management
Title source: llm
Description
FeehiCMS version 2.1.1 is vulnerable to remote code execution via unrestricted file upload in Ad Management. It allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
References (2)
Core References
Exploit, Third Party Advisory
https://github.com/kiwi865/CVEs/blob/main/CVE-2025-65657.md
Exploit, Third Party Advisory
https://github.com/liufee/cms/issues/78
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
25.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (2)
feehi/cms
0
Packagist
feehi/feehicms
2.1.1
Published
Dec 02, 2025
Tracked Since
Feb 18, 2026