CVE-2025-65602 PUBLISHED

Assigner: mitre
Reserved: 18.11.2025 Published: 10.12.2025 Updated: 18.12.2025

A template injection vulnerability in the /vip/v1/file/save component of ChanCMS v3.3.4 allows attackers to execute arbitrary code via a crafted POST request.

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://gitee.com/chancms/ChanCMS
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689?source=copy_link
https://www.notion.so/ChanCMS-Unauthenticated-RCE-2a3ee9235ba380fc9973e16c06258689

Problem Types

n/a text