CVE-2025-15009 | liweiyi ChestnutCMS up to 1.5.8 Filename /dev-api/common/upload FilenameUtils.getExtension File unrestricted upload

Uncategorized
Yanac

A vulnerability was found in liweiyi ChestnutCMS up to 1.5.8. It has been declared as critical. This vulnerability affects the function FilenameUtils.getExtension of the file /dev-api/common/upload of the component Filename Handler. Executing manipulation of the argument File can lead to unrestricted upload.

The identification of this vulnerability is CVE-2025-15009. The attack may be launched remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More