CVE-2025-12331
Published
CVSS v3
4.7
MEDIUM
CVSS v2
5.8
MEDIUM
Affected
1
PROJECT
Description
A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
A modern, AI-enhanced CMS built with CakePHP 5. Features AI-powered SEO optimization, automated translation (25+ languages via Claude & Google Translate), image galleries with AI analysis, hierarchical tagging, and comment moderation. Includes complete Docker dev environment with 290+ tests.
GitHub