CVE-2025-65602

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

10/12/2025

Last modified:

10/12/2025

Description

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Impact

References to Advisories, Solutions, and Tools

https://gitee.com/chancms/ChanCMS
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link