Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-16801 | A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 03 Oct 2025 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
1000mz
1000mz chestnutcms |
|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:1000mz:chestnutcms:*:*:*:*:*:*:*:* | |
| Vendors & Products |
1000mz
1000mz chestnutcms |
Wed, 04 Jun 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 04 Jun 2025 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| Title | ChestnutCMS API Endpoint exec deserialization | |
| Weaknesses | CWE-20 CWE-502 |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2025-06-04T13:30:53.211Z
Reserved: 2025-06-03T16:44:11.176Z
Link: CVE-2025-5552
Updated: 2025-06-04T13:30:45.186Z
Status : Analyzed
Published: 2025-06-04T03:15:27.317
Modified: 2025-10-03T01:04:38.463
Link: CVE-2025-5552
No data.
OpenCVE Enrichment
No data.
EUVD