CVE-2025-25791 Information

Description

An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.

Reference

http://yzncms.com https://gitee.com/ken678/YZNCMS https://github.com/Ka7arotto/YZNCMS/blob/main/yzncms-upload.md