CVE-2025-15589

A vulnerability was determined in MuYuCMS 2.7. Affected is the function delete_dir_file of the file application/admin/controller/Template.php of the component Template Management Page. This manipulation of the argument temn/tp causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3 3.8 LOW
CVSS v2.0 4.7 MEDIUM

3.8^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.7^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:M/C:N/I:P/A:P

Exploitability : 6.4 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe	Exploit Third Party Advisory
https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe#proof-of-concept	Exploit Third Party Advisory
https://vuldb.com/?ctiid.336710	Permissions Required VDB Entry
https://vuldb.com/?id.336710	Third Party Advisory VDB Entry
https://vuldb.com/?submit.702489	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:muyucms:muyucms:2.7:*:*:*:*:*:*:*

History

26 Feb 2026, 17:25

Type	Values Removed	Values Added
CPE		cpe:2.3:a:muyucms:muyucms:2.7:::::::*
First Time		Muyucms muyucms Muyucms
References	~~() https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe -~~	() https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe - Exploit, Third Party Advisory
References	~~() https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe#proof-of-concept -~~	() https://gist.github.com/b1uel0n3/275ac353537ecf4c8973d33fa0d5b0fe#proof-of-concept - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.336710 -~~	() https://vuldb.com/?ctiid.336710 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.336710 -~~	() https://vuldb.com/?id.336710 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.702489 -~~	() https://vuldb.com/?submit.702489 - Third Party Advisory, VDB Entry
Summary		(es) Se encontró una vulnerabilidad en MuYuCMS 2.7 que afecta a la función delete_dir_file del archivo application/admin/controller/Template.php del componente Template Management Page. Esta manipulación del argumento temn/tp provoca un salto de ruta. Es posible iniciar el ataque en remoto. El exploit ha sido divulgado públicamente y puede ser utilizado. El proveedor fue contactado con antelación sobre esta divulgación pero no respondió de ninguna manera.

24 Feb 2026, 06:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-24 06:16

Updated : 2026-02-26 17:25

NVD link : CVE-2025-15589

Mitre link : CVE-2025-15589

CVE.ORG link : CVE-2025-15589

JSON object : View

Products Affected

muyucms

muyucms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

3.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.7 /10

Access Vector NETWORK

Access Complexity LOW

Authentication MULTIPLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-15589

3.8^/10

4.7^/10

Attach tags to `CVE-2025-15589`