CVE-2025-11939 ChurchCRM Backup Restore RestoreJob.php path traversal

🗓️ 19 Oct 2025 08:02:05Reported by VulDBType

CVE-2025-11939 ChurchCRM enables remote path traversal via RestoreJob.php restoreFile up to 5.18.0.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-11939	19 Oct 202508:02	–	attackerkb
Circl	CVE-2025-11939	19 Oct 202508:50	–	circl
CNNVD	ChurchCRM 路径遍历漏洞	19 Oct 202500:00	–	cnnvd
CNVD	ChurchCRM Path Traversal Vulnerability	23 Oct 202500:00	–	cnvd
CVE	CVE-2025-11939	19 Oct 202508:02	–	cve
EUVD	EUVD-2025-35004	19 Oct 202509:30	–	euvd
NVD	CVE-2025-11939	19 Oct 202508:15	–	nvd
RedhatCVE	CVE-2025-11939	20 Oct 202519:28	–	redhatcve
Vulnrichment	CVE-2025-11939 ChurchCRM Backup Restore RestoreJob.php path traversal	19 Oct 202508:02	–	vulnrichment

[
  {
    "vendor": "n/a",
    "product": "ChurchCRM",
    "versions": [
      {
        "version": "5.0",
        "status": "affected"
      },
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "5.2",
        "status": "affected"
      },
      {
        "version": "5.3",
        "status": "affected"
      },
      {
        "version": "5.4",
        "status": "affected"
      },
      {
        "version": "5.5",
        "status": "affected"
      },
      {
        "version": "5.6",
        "status": "affected"
      },
      {
        "version": "5.7",
        "status": "affected"
      },
      {
        "version": "5.8",
        "status": "affected"
      },
      {
        "version": "5.9",
        "status": "affected"
      },
      {
        "version": "5.10",
        "status": "affected"
      },
      {
        "version": "5.11",
        "status": "affected"
      },
      {
        "version": "5.12",
        "status": "affected"
      },
      {
        "version": "5.13",
        "status": "affected"
      },
      {
        "version": "5.14",
        "status": "affected"
      },
      {
        "version": "5.15",
        "status": "affected"
      },
      {
        "version": "5.16",
        "status": "affected"
      },
      {
        "version": "5.17",
        "status": "affected"
      },
      {
        "version": "5.18.0",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Backup Restore Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/uartu0/advisories/blob/main/churchcrm-path-traversal-rce-2025.md
vuldb	www.vuldb.com/

24 Feb 2026 07:02Current

CVSS 3.14.7

CVSS 34.7

CVSS 45.1

CVSS 25.8

EPSS0.00316

CWE-22