CVE-2025-14532

EUVD-2025-208154
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution.

This issue was fixed in versions above 5.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
studiofabrykadorbycms
1.0 ≤
𝑥
≤ 5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert.pl/posts/2026/03/CVE-2025-12462/