CVE-2025-13275

low-risk

Published 2025-11-17

A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

NETWORK / LOW complexity

References (4)

https://github.com/mhszed/Report/blob/main/php-business-website%20upload.docx

https://vuldb.com/?ctiid.332610

https://vuldb.com/?id.332610

https://vuldb.com/?submit.690049

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal