GCVE - cpe:2.3:a:n/a:chestnutcms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:chestnutcms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Chestnutcms (`ecdfb524-0f8d-5fbb-89a5-6658533fc23d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-5552`	vulnerable	2026-06-08 07:37:25.150754	ChestnutCMS API Endpoint exec deserialization MEDIUM (6.3) A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Published: 2025-06-04T02:00:18.913Z Updated: 2025-06-04T13:30:53.211Z Open on db.gcve.eu Reference links https://vuldb.com/?id.311002 https://vuldb.com/?ctiid.311002 https://vuldb.com/?submit.587199 https://github.com/byxs0x0/cve/issues/7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2917`	vulnerable	2026-06-08 07:16:58.672914	ChestnutCMS read readFile path traversal MEDIUM (4.3) A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-28T17:31:04.433Z Updated: 2025-03-28T17:43:16.861Z Open on db.gcve.eu Reference links https://vuldb.com/?id.301890 https://vuldb.com/?ctiid.301890 https://vuldb.com/?submit.520933 https://r0ot.notion.site/ChestnutCMS-1-5-3-Arbitrary-file-read-vulnerability-1ae27d744f7f8074a169ca849e8a1d31?pvs=4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2032`	vulnerable	2026-06-08 07:14:57.797827	ChestnutCMS rename renameFile path traversal LOW (3.5) A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used. Published: 2025-03-06T16:31:04.530Z Updated: 2025-03-12T21:12:05.980Z Open on db.gcve.eu Reference links https://vuldb.com/?id.298774 https://vuldb.com/?ctiid.298774 https://vuldb.com/?submit.512030 https://github.com/IceFoxH/VULN/issues/7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2031`	vulnerable	2026-06-08 07:14:57.796189	ChestnutCMS upload uploadFile unrestricted upload MEDIUM (6.3) A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-06T16:00:09.784Z Updated: 2025-03-06T16:28:30.900Z Open on db.gcve.eu Reference links https://vuldb.com/?id.298773 https://vuldb.com/?ctiid.298773 https://vuldb.com/?submit.512029 https://github.com/IceFoxH/VULN/issues/6	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.