Auth bypass in Redaxo Cms Mediapool
CVE-2018-25353
Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using…
Vulnerability class: Broken Access Control
EPSS: 0.001 (19.5th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Redaxo Cms Mediapool — versions 0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2018-25353?
  - CVE-2018-25353 is a high-severity vulnerability in Redaxo Cms Mediapool, classified under Incorrect Authorization. CVSS score: 8.8/10. Published 2026-05-23.
- How severe is CVE-2018-25353?
  - High severity. CVSS v3 base score is 8.8 out of 10.