CVE-2025-5428

A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Jun 2, 2025
Updated: Jun 17, 2025
CVE: CVE-2025-5428
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
juzaweb / cms	3.4	3.4.2.x

https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_unprivileged_user_list_delete_logs.md
https://vuldb.com/?ctiid.310761
https://vuldb.com/?id.310761
https://vuldb.com/?submit.584056

Vulnerability Database

CVE-2025-5428