CVE-2025-14004 | dayrui XunRuiCMS up to 4.7.1 Email Setting admind45f74adbd95.php?c=email&m=add server-side request forgery

December 4, 2025 Yanac

A vulnerability identified as critical has been detected in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing manipulation results in server-side request forgery.

This vulnerability is known as CVE-2025-14004. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More