CVE-2025-5381 | Yifang CMS up to 2.0.2 Admin Panel /api/File/downloadFile path traversal (IC0RCX)

May 30, 2025 Yanac

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal.

This vulnerability is traded as CVE-2025-5381. It is possible to launch the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More