CNNVD-202601-2709 Information

Jan 16, 2026 cve

CNNVD ID

CNNVD-202601-2709

CVE-2025-14894

CNNVD Published: 2026-01-16

Description (Chinese)

Livewire Filemanager是Livewire Filemanager开源的一个文件管理软件。 Livewire Filemanager存在安全漏洞，该漏洞源于LivewireFilemanagerComponent.php未执行文件类型和MIME验证，可能导致通过上传恶意php文件实现远程代码执行。

Description (English)

Livewire Filemanager is a file management software for Livewire Filemanager. Livewire Filemanager has a security loophole, which stems from Livewire Filemanager Component.php’s unexecuted file type and MIME authentication, which may result in remote code execution by uploading malicious php files.

Hazard Level

Medium

Affected Vendor

Livewire Filemanager

Published

2026-01-16

Last Modified

2026-02-24

References

https://github.com/livewire-filemanager/filemanager https://hackingbydoing.wixsite.com/hackingbydoing/post/unauthenticated-rce-in-livewire-filemanager https://www.kb.cert.org/vuls/id/650657 https://access.redhat.com/security/cve/cve-2025-14894

Share on: