CVE-2025-1113 MEDIUM

CVE-2025-1113: taisan tarzan-cms Add Theme admin#themes upload deserialization

Vendor Taisan
Product tarzan-cms
Weakness CWE-502 · Unsafe deserialization
Published February 7, 2025
Last update February 7, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02 Disclosure timeline

February 7, 2025 CVE published
February 7, 2025 Record updated