CVE-2025-2031
ChestnutCMS up to version 1.5.2 exposes a vulnerability in the file upload endpoint /dev-api/cms/file/upload. The root cause is lack of validation of the uploaded file in the parameter file, enabling an attacker to perform an unrestricted upload and remotely execute arbitrary code. Multiple sourc...