CVE Alert: CVE-2025-10116 – n/a – SiempreCMS
CVE-2025-10116
A vulnerability was identified in SiempreCMS up to and including version 1.3.6. An unknown part of the file /docs/admin/file_upload.php is affected; manipulation of it leads to unrestricted file upload. The attack can be launched remotely. An exploit is publicly available and may be used.
AI Summary Analysis
**Risk verdict**: High risk due to unauthenticated remote unrestricted file upload via an admin endpoint, with a publicly available exploit.
**Why this matters**: An attacker can upload arbitrary files, including PHP scripts, and then request them from the server. Even if the CVSS base score suggests limited direct impact, a server-side script that lands in a directory the web server executes is a web shell, which opens the way to defacement, data exposure and further compromise of the host.
**Most likely attack path**: A remote attacker sends an upload request to /docs/admin/file_upload.php, which enforces no access control, so no credentials or user interaction are needed. Once the payload is stored, the attacker requests it through the web server; if the upload directory permits script execution, the payload runs and the attacker has code execution on the host.
**Who is most exposed**: Web deployments of SiempreCMS 1.3.x in public-facing hosting environments (shared or small/medium setups) with web-accessible admin paths are most at risk, particularly where uploads are not strictly sandboxed or isolated from the web root.
Detection ideas
- Sudden creation of new files in the upload directory, especially with unusual names or PHP extensions.
- HTTP requests to the upload endpoint containing suspicious content-type or payloads designed to bypass validation.
- Requests for recently uploaded files, above all ones with server-side script extensions, together with the response codes they return (a 200 for a newly written .php file means it was served or executed; a 403 or 404 suggests the request was blocked).
- Anomalous spikes in upload activity from unauthenticated sources.
- Unexpected permission or ownership changes in or around the upload directory (for example files made executable), as recorded in system or audit logs.
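The detection ideas above can be turned into a small log-analysis pass. The following is an added example, not code from the original alert or from SiempreCMS: it parses combined-format web access logs and raises an alert when a client POSTs to /docs/admin/file_upload.php without a same-site Referer (a weak signal), when one client sends several uploads in a short window, and, most importantly, when a client that has just uploaded then fetches a server-side script extension and gets a 200. The log lines, the site origin `https://cms.example/` and the upload directory `/docs/uploads/` are constructed for the example and are not taken from any real deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (Apache/nginx combined format). They are
# invented for this example and are not from any real SiempreCMS deployment.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Sep/2025:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2025:10:01:05 +0000] "POST /docs/admin/file_upload.php HTTP/1.1" 200 310 "-" "python-requests/2.31"
203.0.113.7 - - [12/Sep/2025:10:01:06 +0000] "GET /docs/uploads/cmd.php?c=id HTTP/1.1" 200 44 "-" "python-requests/2.31"
198.51.100.4 - - [12/Sep/2025:10:02:00 +0000] "POST /docs/admin/file_upload.php HTTP/1.1" 200 310 "https://cms.example/docs/admin/" "Mozilla/5.0"
198.51.100.4 - - [12/Sep/2025:10:02:03 +0000] "GET /docs/uploads/report.pdf HTTP/1.1" 200 90210 "https://cms.example/docs/admin/" "Mozilla/5.0"
192.0.2.9 - - [12/Sep/2025:10:03:00 +0000] "POST /docs/admin/file_upload.php HTTP/1.1" 200 310 "https://cms.example/docs/admin/" "Mozilla/5.0"
192.0.2.9 - - [12/Sep/2025:10:03:01 +0000] "POST /docs/admin/file_upload.php HTTP/1.1" 200 310 "https://cms.example/docs/admin/" "Mozilla/5.0"
192.0.2.9 - - [12/Sep/2025:10:03:02 +0000] "POST /docs/admin/file_upload.php HTTP/1.1" 200 310 "https://cms.example/docs/admin/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

UPLOAD_ENDPOINT = "/docs/admin/file_upload.php"          # endpoint named in the advisory
SITE_ORIGIN = "https://cms.example/"                      # assumed site URL for the Referer check
EXEC_EXT = re.compile(r"\.(?:php\d?|phtml|phar)$", re.I)  # server-side script extensions
BURST_THRESHOLD = 3                                       # POSTs to the endpoint within BURST_WINDOW
BURST_WINDOW = timedelta(seconds=60)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    e["path"] = e["path"].split("?", 1)[0]  # drop the query string before extension checks
    return e


def detect(log_text):
    """Return a list of alerts, each {"ip", "rule", "ts", "path"}, in log order."""
    alerts = []
    posts = defaultdict(list)  # ip -> timestamps of POSTs to the upload endpoint
    burst_flagged = set()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        ip, path = e["ip"], e["path"]
        if e["method"] == "POST" and path == UPLOAD_ENDPOINT:
            posts[ip].append(e["ts"])
            # Weak signal: a browser submitting the admin form sends a same-site Referer,
            # a scripted exploit usually sends none. Browsers may strip it too, so this
            # corroborates rather than convicts.
            if not e["ref"].startswith(SITE_ORIGIN):
                alerts.append({"ip": ip, "rule": "upload-without-site-referer", "ts": e["ts"], "path": path})
            recent = [t for t in posts[ip] if e["ts"] - t <= BURST_WINDOW]
            if len(recent) >= BURST_THRESHOLD and ip not in burst_flagged:
                burst_flagged.add(ip)
                alerts.append({"ip": ip, "rule": "upload-burst", "ts": e["ts"], "path": path})
            continue
        # Strong signal: a client that has uploaded something now fetches a server-side
        # script and the server answers 200, i.e. the uploaded file was executed.
        if ip in posts and e["status"] == 200 and EXEC_EXT.search(path):
            alerts.append({"ip": ip, "rule": "executable-fetched-after-upload", "ts": e["ts"], "path": path})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f'{a["ts"]:%H:%M:%S} {a["ip"]:<14} {a["rule"]:<34} {a["path"]}')
```

On the sample above the pass flags 203.0.113.7 twice (no Referer, then a 200 for `cmd.php` right after the upload) and 192.0.2.9 once for the burst, while the browser session from 198.51.100.4 that uploads a PDF stays quiet. Pair the access-log rule with a file-integrity watch on the upload directory so a payload that is written but never fetched is still seen.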
Mitigation and prioritisation
- Update to a fixed release or apply vendor-supplied mitigations; until a fix is deployed, block or restrict access to the upload endpoint.
- Enforce strict server-side validation of file type, size, and content; forbid executable extensions in the upload path.
- Move uploads outside the web root and/or configure the server to deny execution in the upload directory; apply proper access controls to the admin area.
- Implement authentication-required upload forms with CSRF protection and audit logging.
- Enable WAF/IPS rules for suspicious file upload patterns and file-name abuse; coordinate with change-management for a controlled deployment.
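The server-side controls listed above (authentication, size and type validation, magic-byte and content checks, a server-chosen file name and storage outside the web root) fit together as one upload handler. The following is an added example written in Python as a language-neutral illustration; it is not SiempreCMS code and a fix in the CMS itself would live in the PHP handler. The extension allow-list, the 2 MiB limit, the error strings and the sample inputs in `run_demo` are assumptions made for the example.

```python
import os
import re
import secrets
import tempfile

# Allow-listed extensions and the magic bytes each must start with (assumed policy).
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}
MAX_BYTES = 2 * 1024 * 1024
# Exactly one dot and a fixed character set, so "shell.php.jpg", "../x.png" and
# names with path separators or NUL bytes all fail before anything else is looked at.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(jpg|png|pdf)", re.I)
# Crude polyglot check: a real image or PDF should never carry a PHP open tag.
SCRIPT_MARKERS = (b"<?php", b"<?=")


class UploadRejected(ValueError):
    pass


def validate_upload(filename, data, authenticated):
    """Return the allow-listed extension or raise UploadRejected (cheap checks first)."""
    if not authenticated:
        raise UploadRejected("authentication required")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    m = SAFE_NAME.fullmatch(filename)  # fullmatch: no trailing newline or junk accepted
    if m is None:
        raise UploadRejected("filename rejected")
    ext = m.group(1).lower()
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    if any(marker in data for marker in SCRIPT_MARKERS):
        raise UploadRejected("script marker inside file")
    return ext


def store_upload(filename, data, authenticated, upload_dir):
    """Validate, then write under a server-chosen random name. upload_dir must be outside the web root."""
    ext = validate_upload(filename, data, authenticated)
    stored = os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")
    # O_EXCL refuses to overwrite an existing file; 0o640 keeps it non-executable and not world-readable.
    fd = os.open(stored, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stored


def run_demo():
    """Constructed inputs covering the accept path and each rejection reason."""
    png = ALLOWED["png"] + b"\x00" * 32
    shell = b"<?php system($_GET['c']); ?>"  # constructed web-shell body, never written to disk
    cases = [
        ("png_ok", "avatar.png", png, True),
        ("unauthenticated", "avatar.png", png, False),
        ("php_extension", "cmd.php", shell, True),
        ("double_extension", "cmd.php.png", png, True),
        ("traversal", "../../docs/x.png", png, True),
        ("fake_png", "shell.png", shell, True),
        ("polyglot", "poly.png", png + shell, True),
        ("too_large", "big.png", png + b"\x00" * MAX_BYTES, True),
    ]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, name, data, auth in cases:
            try:
                path = store_upload(name, data, auth, d)
                results[label] = "accepted"
                results[label + "_renamed"] = os.path.basename(path) != name
            except UploadRejected as err:
                results[label] = str(err)
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:<24} {outcome}")
```

The ordering matters: authentication and size are checked before the body is inspected, so an unauthenticated client cannot make the server do any parsing work. Renaming on the server side means an attacker never controls the stored path, and keeping the directory outside the web root means that even a file that slips past every content check cannot be requested as a script; the web server configuration should still deny execution in that directory as a second layer.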