cbcvebase.
CVE-2025-4543
published 2025-05-11

CVE-2025-4543: A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file…

PriorityP345high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EPSS
0.41%
32.8th percentile
A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_link.php. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected

14 ranges
VendorProductVersion rangeFixed in
lylmelylme_spage
lylmespage
msrcazl3_kernel_6.6.104.2-4_on_azure_linux_3.0
msrcazl3_kernel_6.6.112.1-2_on_azure_linux_3.0
msrcazl3_kernel_6.6.117.1-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.119.3-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.119.3-3_on_azure_linux_3.0
msrcazl3_kernel_6.6.121.1-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.126.1-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.130.1-3_on_azure_linux_3.0
msrcazl3_kernel_6.6.96.2-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.96.2-2_on_azure_linux_3.0
msrccbl2_kernel_5.15.182.1-1_on_cbl_mariner_2.0
msrccm1_kernel_5.10.189.1-1_on_cbl_mariner_1.0

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.