Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-60641

EPSS 0.11% · P29
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-60641

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowed_classes option, allowing an attacker to inject arbitrary PHP objects. This can lead to malicious behavior, such as Remote Code Execution (RCE), SQL Injection, Path Traversal, or Denial of Service, depending on the availability of exploitable classes in the Vfront codebase or its dependencies.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vfront 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vfront是Marcello Verona个人开发者的一个数据库管理前端工具。 Vfront 0.99.52版本存在安全漏洞,该漏洞源于对用户控制的输入进行反序列化操作时未进行验证或使用allowed_classes选项,可能导致远程代码执行、SQL注入、路径遍历或拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2025-60641

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-60641

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-10-16 · 16 CVEs total

CVE-2025-22381Aggie 安全漏洞
CVE-2025-61540Ultimate PHP Board 安全漏洞
CVE-2025-61541Webmin 安全漏洞
CVE-2025-61536Dev jobs handlebars 安全漏洞
CVE-2025-61539Ultimate PHP Board 安全漏洞
CVE-2025-61543CraftMyCMS 安全漏洞
CVE-2025-56699Base Digitale Centrax Open PSIM 安全漏洞
CVE-2025-56700Base Digitale Centrax Open PSIM 安全漏洞
CVE-2025-60855Reolink Video Doorbell Wi-Fi – DB_566128M5MP_W 安全漏洞
CVE-2025-60639ATLAS-EPIC 安全漏洞
CVE-2025-61330H3C Magic M安全漏洞
CVE-2025-61514CoCalc 安全漏洞
CVE-2025-61554BitVisor 安全漏洞
CVE-2025-61553BitVisor 安全漏洞
CVE-2025-60358Radare2 安全漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2025-60641

No comments yet

Leave a comment