CVE-2025-14008 | dayrui XunRuiCMS up to 4.7.1 Project Domain Change Test admin79f2ec220c7e.php?c=api&m=test_site_domain v server-side request forgery

December 4, 2025 Yanac

A vulnerability classified as critical has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This manipulation of the argument v causes server-side request forgery.

The identification of this vulnerability is CVE-2025-14008. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More