CVE-2025-15197

low-risk
Published 2025-12-29

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
NETWORK / LOW complexity

Affected Products (2)

News-Buzz
Content Management System

Affected Vendors

Code-Projects Anirbandutta

References (5)

Exploit https://github.com/Limingqian123/CVE/issues/7
Permissions Required https://vuldb.com/?ctiid.338584
Third Party Advisory https://vuldb.com/?id.338584
Third Party Advisory https://vuldb.com/?submit.724721
Exploit https://github.com/Limingqian123/CVE/issues/7
26
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low