CVE-2025-56399
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-56399
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Laravel File Manager 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Laravel File Manager是Aleksandr Manekin个人开发者的一个Laravel文件管理器。 Laravel File Manager 3.3.1及之前版本存在安全漏洞,该漏洞源于文件上传功能存在缺陷,可能导致远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2025-56399
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | An authenticated Remote Code Execution (RCE) vulnerability in laravel-file-manager v3.3.1 and below allows attackers with access to the file manager interface to execute arbitrary code on the server. | https://github.com/Theethat-Thamwasin/CVE-2025-56399 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-56399
请登录查看更多情报信息。
Same Patch Batch · n/a · 2025-10-28 · 18 CVEs total
| CVE-2025-60858 | Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W 安全漏洞 | |
| CVE-2025-61235 | Dataphone A920 安全漏洞 | |
| CVE-2025-61080 | Clear2Pay Bank Visibility Application - Payment Execution 安全漏洞 | |
| CVE-2025-60800 | jshERP 安全漏洞 | |
| CVE-2025-60355 | OneBlog 安全漏洞 | |
| CVE-2025-60805 | BES Application Server 安全漏洞 | |
| CVE-2025-60354 | blog-vue-springboot 安全漏洞 | |
| CVE-2025-54605 | Bitcoin Core 安全漏洞 | |
| CVE-2025-54604 | Bitcoin Core 安全漏洞 | |
| CVE-2025-61107 | FRRouting 安全漏洞 | |
| CVE-2025-61155 | Hotta Studio GameDriverX64.sys 安全漏洞 | |
| CVE-2025-61128 | WAVLINK QUANTUM D3G和WAVLINK WL-WN530HG3 安全漏洞 | |
| CVE-2025-60349 | Prevx 安全漏洞 | |
| CVE-2025-61043 | Monkeys Audio 安全漏洞 | |
| CVE-2025-61104 | FRRouting 安全漏洞 | |
| CVE-2025-61106 | FRRouting 安全漏洞 | |
| CVE-2025-61103 | FRRouting 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8747
Z-BlogPHP Commend Approval c_system_event.php CheckComment i - CVE-2026-8746
Open5GS NRF nghttp2-server.c discover_handler use after free - CVE-2026-8745
Open5GS AUSF nausf-handler.c ogs_timer_add denial of service - CVE-2026-8744
Open5GS NRF context.c ogs_sbi_nf_service_add denial of servi - CVE-2026-8743
Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id impr
V. Comments for CVE-2025-56399
No comments yet