- Description
- A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- Hype score
- Not currently trending
🚨 CVE-2025-3585 🟠 MEDIUM (5.3) 🏢 westboy - CicadasCMS 🏗️ 1.0 🔗 https://t.co/mMdISF97Np 🔗 https://t.co/jIoquRZAdd 🔗 https://t.co/wtpPQoRh8G 🔗 https://t.co/L2W057FhHg #CyberCron #VulnAlert #InfoSec https://t.co/CfM6KQ9upN
@cybercronai
16 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3585 Unrestricted File Upload Vulnerability in westboy CicadasCMS 1.0 JSP Parser https://t.co/C9rq4MMXFG
@VulmonFeeds
14 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:westboy:cicadascms:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9379B538-FA85-401F-9C78-CA16985000E1"
}
],
"operator": "OR"
}
]
}
]