CVE-2025-65657

moderate-risk

Published 2025-12-02

FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Feehicms

Affected Vendors

Feehi

References (2)

Exploit https://github.com/kiwi865/CVEs/blob/main/CVE-2025-65657.md

Exploit https://github.com/liufee/cms/issues/78

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal