CVE-2025-69437 - Vulnerability Analysis
HighCVSS: 8.7Last Updated: March 2, 2026
PublicCMS - Stored XSS
Overview
PublicCMS v5.202506.d and earlier contains a stored XSS caused by JavaScript payloads embedded in uploaded PDFs bypassing backend PDF security checks in CmsFileUtils.java, letting attackers execute arbitrary scripts when users view the files, exploit requires user to upload and view malicious PDF.
Severity & Score
Impact
Attackers can execute arbitrary scripts via malicious PDFs, leading to credential theft and unauthorized API actions.
Mitigation
Update to the latest version beyond v5.202506.d.
Social Media Activity(1 post)
š CVE-2025-69437 - High (8.7) PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system... š https://www.thehackerwire.com/vulnerability/CVE-2025-69437/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-69437
- Severity
- High
- CVSS Score
- 8.7
- Type
- stored_xss
- Status
- unconfirmed
- EPSS
- 3.7%
- Social Posts
- 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N