FoxCMS 1.2.5 - Remote Code Execution (RCE)

Date: 2025-04-17 Exploit Title: Exploit Author: VeryLazyTech Vendor Homepage: https://www.foxcms.org/ Software Link: https://www.foxcms.cn/ Version: FoxCMS v.1.2.5 Tested on: Ubuntu 22.04, Windows Server 2019 CVE: CVE-2025-29306 Website: https://www.verylazytech.com !/bin/bash banner cat " exit 1...

CVE-2025-25789

FoxCMS v1.2.5 was discovered to contain a remote code execution RCE vulnerability via the index method at \controller\Sitemap.php...