{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8266", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-07-27T09:45:19.857Z", "datePublished": "2025-07-28T08:32:15.139Z", "dateUpdated": "2025-07-28T16:59:30.165Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-28T08:32:15.139Z"}, "title": "yanyutao0402 ChanCMS collect.js getArticle deserialization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-502", "lang": "en", "description": "Deserialization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "Improper Input Validation"}]}], "affected": [{"vendor": "yanyutao0402", "product": "ChanCMS", "versions": [{"version": "3.1.0", "status": "affected"}, {"version": "3.1.1", "status": "affected"}, {"version": "3.1.2", "status": "affected"}, {"version": "3.1.3", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In yanyutao0402 ChanCMS bis 3.1.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion getArticle der Datei app/modules/cms/controller/collect.js. Dank Manipulation des Arguments targetUrl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-07-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-07-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-07-27T11:50:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ZAST.AI (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.317857", "name": "VDB-317857 | yanyutao0402 ChanCMS collect.js getArticle deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.317857", "name": "VDB-317857 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.622170", "name": "Submit #622170 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution", "tags": ["third-party-advisory"]}, {"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61", "tags": ["exploit", "issue-tracking"]}, {"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3", "tags": ["patch"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T16:58:27.329831Z", "id": "CVE-2025-8266", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T16:59:30.165Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8266", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T16:58:27.329831Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T16:59:10.167Z"}}], "cna": {"title": "yanyutao0402 ChanCMS collect.js getArticle deserialization", "credits": [{"lang": "en", "type": "reporter", "value": "ZAST.AI (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "yanyutao0402", "product": "ChanCMS", "versions": [{"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.1.1"}, {"status": "affected", "version": "3.1.2"}, {"status": "unaffected", "version": "3.1.3"}]}], "timeline": [{"lang": "en", "time": "2025-07-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-07-27T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-07-27T11:50:26.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.317857", "name": "VDB-317857 | yanyutao0402 ChanCMS collect.js getArticle deserialization", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.317857", "name": "VDB-317857 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.622170", "name": "Submit #622170 | yanyutao0402 https://gitee.com/yanyutao0402/ChanCMS <3.1.3 Remote Code Execution", "tags": ["third-party-advisory"]}, {"url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61", "tags": ["exploit", "issue-tracking"]}, {"url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In yanyutao0402 ChanCMS bis 3.1.2 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion getArticle der Datei app/modules/cms/controller/collect.js. Dank Manipulation des Arguments targetUrl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.1.3 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "Deserialization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper Input Validation"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-28T08:32:15.139Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8266", "state": "PUBLISHED", "dateUpdated": "2025-07-28T16:59:30.165Z", "dateReserved": "2025-07-27T09:45:19.857Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-07-28T08:32:15.139Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chancms:chancms:*:*:*:*:*:*:*:*", "matchCriteriaId": "411EA525-FE0B-4320-99AE-94E3195DA90C", "versionEndExcluding": "3.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en yanyutao0402 ChanCMS hasta la versi\u00f3n 3.1.2, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n getArticle del archivo app/modules/cms/controller/collect.js. La manipulaci\u00f3n del argumento targetUrl provoca la deserializaci\u00f3n. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 3.1.3 puede solucionar este problema. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-8266", "lastModified": "2025-08-27T16:24:18.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-07-28T09:15:35.117", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitee.com/yanyutao0402/ChanCMS/issues/ICLP61"}, {"source": "cna@vuldb.com", "tags": ["Release Notes"], "url": "https://gitee.com/yanyutao0402/ChanCMS/releases/tag/V3.1.3"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.317857"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.317857"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.622170"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-502"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}