CVE-2025-29281HIGH 8.8EPSS p42.9%

CVE-2025-29281CVE-2025-29281

Description

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.57% probability of exploitation · percentile 42.9% · 2026-06-19T12:03:05Z
Published2025-04-15
Last modified2025-06-24

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/Cray0nLee/CVE/issues/2

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-25361
CVE
CVE-2025-29401
CVE
CVE-2025-2512
CVE
CVE-2025-9762
CVE
CVE-2025-25783
CVE
CVE-2025-29287
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.