CVE-2025-8266

MEDIUM EXPLOITED NUCLEI

chancms < 3.1.3 - Deserialization via getArticle Function

Title source: llm

Exploitation Summary

CVE-2025-8266 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Acczdy. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2025-8266, a code injection vulnerability in ChanCMS ≤ 3.1.2. The exploit leverages the `parseData` parameter in the `getArticle` function to execute arbitrary system commands via JavaScript injection.

Description

A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component.

Exploits (1)

github WORKING POC
by Acczdy · python · poc
https://github.com/Acczdy/CVE-Vault/tree/master/CVE-2025-8266

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ChanCMS ≤ 3.1.2
No auth needed
Prerequisites: Target running ChanCMS ≤ 3.1.2 · Network access to the target
devstral-2 · analyzed Mar 09, 2026

Nuclei Templates (1)

ChanCMS <= 3.1. - Remote Code Execution
CRITICAL · VERIFIED · by Ark
Shodan: html:"ChanCMS"

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.317857
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.317857
Exploit, Issue Tracking, Vendor Advisory exploit issue-tracking
https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.622170

Scores

CVSS v3 6.3
EPSS 0.0082
EPSS Percentile 74.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2026-03-31
CWE: CWE-20, CWE-502
Status published
Products (1)
chancms/chancms < 3.1.3
Published Jul 28, 2025
Tracked Since Feb 18, 2026