Search
Find a vulnerability
Search criteria
2 vulnerabilities found for UNA CMS by Unknown
CVE-2025-66571 (GCVE-0-2025-66571)
Vulnerability from nvd – Published: 2025-12-04 20:43 – Updated: 2026-04-07 14:09
VLAI
Title
UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
Summary
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52139 | exploit |
| https://unacms.com | product |
| https://github.com/unacms/una | product |
| https://karmainsecurity.com/KIS-2025-01 | vdb-entry |
| https://www.vulncheck.com/advisories/una-cms-900-… | third-party-advisory |
Impacted products
Date Public
2025-04-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:07:45.870391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:48:10.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UNA CMS",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "14.0.0-RC4",
"status": "affected",
"version": "9.0.0-RC1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Egidio Romano aka EgiX"
}
],
"datePublic": "2025-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.\u003c/p\u003e"
}
],
"value": "UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:49.440Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52139",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52139"
},
{
"name": "UNA CMS Homepage",
"tags": [
"product"
],
"url": "https://unacms.com"
},
{
"name": "UNA CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/unacms/una"
},
{
"name": "Karma Security Advisory",
"tags": [
"vdb-entry"
],
"url": "https://karmainsecurity.com/KIS-2025-01"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/una-cms-900-rc1-1400-rc4-php-object-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-66571",
"datePublished": "2025-12-04T20:43:52.499Z",
"dateReserved": "2025-12-04T16:17:41.799Z",
"dateUpdated": "2026-04-07T14:09:49.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66571 (GCVE-0-2025-66571)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:43 – Updated: 2026-04-07 14:09
VLAI
Title
UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
Summary
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52139 | exploit |
| https://unacms.com | product |
| https://github.com/unacms/una | product |
| https://karmainsecurity.com/KIS-2025-01 | vdb-entry |
| https://www.vulncheck.com/advisories/una-cms-900-… | third-party-advisory |
Impacted products
Date Public
2025-04-08 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66571",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T16:07:45.870391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T16:48:10.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UNA CMS",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "14.0.0-RC4",
"status": "affected",
"version": "9.0.0-RC1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Egidio Romano aka EgiX"
}
],
"datePublic": "2025-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code.\u003c/p\u003e"
}
],
"value": "UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially write and execute arbitrary PHP code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:09:49.440Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52139",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52139"
},
{
"name": "UNA CMS Homepage",
"tags": [
"product"
],
"url": "https://unacms.com"
},
{
"name": "UNA CMS GitHub Repository",
"tags": [
"product"
],
"url": "https://github.com/unacms/una"
},
{
"name": "Karma Security Advisory",
"tags": [
"vdb-entry"
],
"url": "https://karmainsecurity.com/KIS-2025-01"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/una-cms-900-rc1-1400-rc4-php-object-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-66571",
"datePublished": "2025-12-04T20:43:52.499Z",
"dateReserved": "2025-12-04T16:17:41.799Z",
"dateUpdated": "2026-04-07T14:09:49.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}