CVE-2025-15009 liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload

🗓️ 22 Dec 2025 02:32:05Reported by VulDBType

CVE-2025-15009 ChestnutCMS up to 1.5.8 allows unrestricted file upload via FilenameUtils.

Reporter	Title	Published	Views	Family All 8
CNNVD	ChestnutCMS 代码问题漏洞	22 Dec 202500:00	–	cnnvd
CVE	CVE-2025-15009	22 Dec 202502:32	–	cve
EUVD	EUVD-2025-204682	22 Dec 202502:32	–	euvd
NVD	CVE-2025-15009	22 Dec 202503:15	–	nvd
OSV	CVE-2025-15009	22 Dec 202503:15	–	osv
Positive Technologies	PT-2025-52621	22 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-15009	23 Dec 202502:45	–	redhatcve
Vulnrichment	CVE-2025-15009 liweiyi ChestnutCMS Filename upload FilenameUtils.getExtension unrestricted upload	22 Dec 202502:32	–	vulnrichment

[
  {
    "vendor": "liweiyi",
    "product": "ChestnutCMS",
    "versions": [
      {
        "version": "1.5.0",
        "status": "affected"
      },
      {
        "version": "1.5.1",
        "status": "affected"
      },
      {
        "version": "1.5.2",
        "status": "affected"
      },
      {
        "version": "1.5.3",
        "status": "affected"
      },
      {
        "version": "1.5.4",
        "status": "affected"
      },
      {
        "version": "1.5.5",
        "status": "affected"
      },
      {
        "version": "1.5.6",
        "status": "affected"
      },
      {
        "version": "1.5.7",
        "status": "affected"
      },
      {
        "version": "1.5.8",
        "status": "affected"
      }
    ],
    "modules": [
      "Filename Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/yuccun/CVE/blob/main/ChestnutCMS-Arbitrary_File_Upload.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/yuccun/CVE/blob/main/ChestnutCMS-Arbitrary_File_Upload.md

22 Dec 2025 02:32Current

CVSS 45.3

CVSS 3.16.3

CVSS 36.3

CVSS 26.5

EPSS0.00043