← back
CVE-2025-14532

Remote Code Execution via Unrestricted File Upload in DobryCMS

CVSS 9.3 CRITICALEPSS 0.5%CWE-434
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L