Auth bypass in BuilderEngine CMS
CVE-2025-34100
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or loca…
Vulnerability class: Unrestricted File Upload
EPSS: 0.793 (99.1th percentile)
Affected products
- BuilderEngine CMS — version 3.5.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/m… (exploit)
- www.exploit-db.com/exploits/40390 (exploit)
- support.alertlogic.com/hc/en-us/articles/115004703183-BuilderEngine-Content-Man… (third-party-advisory)
- vulncheck.com/advisories/builder-engine-unauthenticated-arbitrary-file-upload (third-party-advisory)
Frequently asked questions
- What is CVE-2025-34100?
- CVE-2025-34100 is a vulnerability in BuilderEngine CMS, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-07-10.
- Is CVE-2025-34100 known to be exploited?
- 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.