CVE-2025-15457 · CRITICAL 9.8 · EPSS p39.5%

Description

A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.5% · 2026-06-18T12:00:27Z
Published: 2026-01-05
Last modified: 2026-04-29

Underlying weaknesses · 1

CWE-287

References

  1. https://github.com/ueh1013/VULN/issues/12
  2. https://vuldb.com/?ctiid.339490
  3. https://vuldb.com/?id.339490
  4. https://vuldb.com/?submit.725139

Type | Target | Confidence | Tier
Weakness | Improper Authentication cwe-287 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-15458
  2. CVE-2025-5328
  3. CVE-2025-15405
  4. CVE-2025-54757
  5. CVE-2025-9415
  6. CVE-2025-15263

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.