Home / Vulnerability Intelligence / CVE-2025-69770

CVE-2025-69770 - Vulnerability Analysis

CriticalCVSS: 10.0

Last Updated: February 13, 2026

MojoPortal CMS - Command Injection

Published: February 13, 2026Updated: February 13, 2026Remote Exploitable

Overview

MojoPortal CMS v2.9.0.1 contains a command injection caused by a zip slip vulnerability in /DesignTools/SkinList.aspx, letting attackers execute arbitrary commands via crafted zip file upload.

Severity & Score

Severity: Critical

CVSS Score: 10.0

EPSS Score: 8.9%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary commands on the server, potentially leading to full system compromise.

Mitigation

Update to the latest version of MojoPortal CMS.

References

Social Media Activity(2 posts)

Yazoul Alerts

@Matchbook3469

Feb 15, 2026

🔴 New security advisory: CVE-2025-69770 affects multiple systems. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://advisory.yazoul.net/cve/cve-2025-69770 #Cybersecurity #PatchNow #InfoSecCommunity

View original post

TheHackerWire

@thehackerwire

Feb 13, 2026

🔴 CVE-2025-69770 - Critical (10) A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69770/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-69770
Severity: Critical
CVSS Score: 10.0
Type: command_injection
Status: unconfirmed
EPSS: 8.9%
Social Posts: 2

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

8.9%Probability of exploitation in the next 30 days