CVE-2025-7099

07.07.2025, 00:15

A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument db_host leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.6 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDB	CNA	5.6 MEDIUM				CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
boyuncms_project	boyuncms	𝑥 ≤ 1.21

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://note-hxlab.wetolink.com/share/cQGEOmctNARD

https://vuldb.com/?ctiid.315013

https://vuldb.com/?id.315013

https://vuldb.com/?submit.604310

https://note-hxlab.wetolink.com/share/cQGEOmctNARD