CVE-2025-60729

Medium CVSS: 5.3

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

Vendor

Product

CWE

Yayın Tarihi

2025-10-24 18:15:40

Güncelleme

2025-10-27 17:53:39

Source Identifier

cve@mitre.org

KEV Date Added

CWE-126 Perfreeblog MEDIUM Perfree 2025

http://perfreeblog.com https://github.com/dengxmenglihua/cve/blob/main/PerfreeBlog/File%20Read/Arbitrary%20File%20Read%20Vulnerability%20in%20PerfreeBlog%20System.md https://perfree.org.cn/

Medium

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttac…

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

High

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

High

CVE-2025-29421

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.