CVE-2025-14532CRITICAL 9.8EPSS p40.9%

CVE-2025-14532CVE-2025-14532

Description

DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.54% probability of exploitation · percentile 40.9% · 2026-06-19T12:03:05Z
Published2026-03-02
Last modified2026-03-05

Underlying weaknesses· 1

CWE-434

References

  1. https://cert.pl/posts/2026/03/CVE-2025-12462/

1

TypeTargetConfidenceTier
WeaknessUnrestricted Upload of File with Dangerous Typecwe-4340%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
dotCMS Unrestricted Upload of File Vulnerability
CVE
CVE-2025-7063
CVE
CVE-2025-55454
CVE
CVE-2025-55835
CVE
CVE-2025-54757
CVE
CVE-2025-46001
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.