EUVD-2025-208154

🗓️ 02 Mar 2026 12:49:05Reported by EUVDType

Unauthenticated attacker can upload arbitrary files, enabling remote code execution; fixed in versions above 5.0.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2025-12462	2 Mar 202612:49	–	attackerkb
Circl	CVE-2025-12462	2 Mar 202612:55	–	circl
Circl	CVE-2025-14532	2 Mar 202612:55	–	circl
CNNVD	Studio Fabryka DobryCMS 代码问题漏洞	2 Mar 202600:00	–	cnnvd
CNNVD	Studio Fabryka DobryCMS SQL注入漏洞	2 Mar 202600:00	–	cnnvd
CVE	CVE-2025-12462	2 Mar 202612:49	–	cve
CVE	CVE-2025-14532	2 Mar 202612:49	–	cve
Cvelist	CVE-2025-12462 Blind SQL Injection in DobryCMS	2 Mar 202612:49	–	cvelist
Cvelist	CVE-2025-14532 Remote Code Execution via Unrestricted File Upload in DobryCMS	2 Mar 202612:49	–	cvelist
EUVD	EUVD-2025-208153	2 Mar 202612:49	–	euvd

[
  {
    "enisaIdVendor": [
      {
        "id": "1bbc0946-80d6-3e3e-b50e-340f3f033121",
        "vendor": {
          "name": "Studio Fabryka"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "d2a99321-1cb2-375c-b4c6-385e268bd978",
        "product": {
          "name": "DobryCMS"
        },
        "product_version": "5.0"
      },
      {
        "id": "d7d5ce52-7319-3617-bdbb-687ce6e52018",
        "product": {
          "name": "DobryCMS"
        },
        "product_version": "2.0 ≤2.*"
      },
      {
        "id": "f049c5a2-27bb-3d86-9a03-e8e05c98b6e2",
        "product": {
          "name": "DobryCMS"
        },
        "product_version": "1.0 ≤1.*"
      }
    ]
  }
]

Source	Link
cert	www.cert.pl/posts/2026/03/CVE-2025-12462/

02 Mar 2026 12:49Current

6Medium risk

Vulners AI Score6

CVSS 49.3

EPSS0.00536

SSVC