CVE-2025-12923 | liweiyi ChestnutCMS up to 1.5.8 /dev-api/common/download resourceDownload path path traversal

A vulnerability labeled as problematic has been found in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal.

This vulnerability is tracked as CVE-2025-12923. The attack can be launched remotely. Moreover, an exploit is present.VulDB Recent EntriesRead More