DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2025-65474

Critical

Low Medium High Critical

9.8

CVSS Score

Published: Dec 11, 2025

Last Modified: Dec 19, 2025

Vulnerability Description

An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

https://congsec.cn?id=20251103234511-9418dk9
cve@mitre.org Exploit Third Party Advisory
https://gist.github.com/CongSec/3cf968621f71a7da35dcc9b8f0b29bb2
cve@mitre.org Exploit Third Party Advisory

Severity Details

9.8

out of 10.0

Critical

Key Information

Published Date: December 11, 2025

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages