What is CVE-2025-4545?

CVE-2025-4545 is a medium-severity vulnerability in Ctcms Content Management System, classified under Path Traversal. CVSS score: 5.4/10. Published 2025-05-11.

How severe is CVE-2025-4545?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Path Traversal in Ctcms Content Management System

CVE-2025-4545

A vulnerability was found in CTCMS Content Management System 2.1.2. It has been classified as critical. Affected is the function del of the file ctcms\apps\controllers\admin\Tpl.php of the component File Handler. The manipulation of the ar…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.005 (66.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Ctcms Content Management System — versions 2.1.2

Weakness classification (CWE)

CWE-22 — Path Traversal

References

VDB-308292 | CTCMS Content Management System File Tpl.php del path traversal (vdb-entry, technical-description)
VDB-308292 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #566498 | https://www.ctcms.cn/ CTCMS Content Management System V2.1.2 Arbitrary File Deletion (third-party-advisory)
github.com/xiaoyangsec/ctcms/blob/main/CTCMS_Arbitrary_File_Deletion_Vulnerabil… (exploit)

Frequently asked questions

What is CVE-2025-4545?: CVE-2025-4545 is a medium-severity vulnerability in Ctcms Content Management System, classified under Path Traversal. CVSS score: 5.4/10. Published 2025-05-11.
How severe is CVE-2025-4545?: Medium severity. CVSS v3 base score is 5.4 out of 10.