CVE-2025-7103
published 2025-07-07
CVE-2025-7103: A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file…
Priority P3 · 48 · high · 7.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.32% (23.4th percentile)
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boyuncms_project | boyuncms | — | — |
| boyuncms_project | boyuncms | 1.4 – 1.4.20 | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_msrc | | 9.8 | CRITICAL | |
| vendor_redhat | | 5.4 | MEDIUM | |
GHSA
GHSA-mh9c-7rrm-hrgf: A vulnerability was found in BoyunCMS up to 1
ghsa_unreviewed·2025-07-07
CVE-2025-7103 [MEDIUM] CWE-918 GHSA-mh9c-7rrm-hrgf: A vulnerability was found in BoyunCMS up to 1
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Red Hat
chromium-browser: Inappropriate implementation in DevTools
vendor_redhat·2025-11-14·CVSS 5.4
CVE-2025-13097 [MEDIUM] CWE-266 chromium-browser: Inappropriate implementation in DevTools
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Microsoft
Chromium: CVE-2025-4096 Heap buffer overflow in HTML
vendor_msrc·2025-05-13·CVSS 8.8
CVE-2025-4096 [HIGH] Chromium: CVE-2025-4096 Heap buffer overflow in HTML
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 136.0.3240.50 | 5/1/2025 | 136.0.7103.49 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In
Microsoft
Chromium: CVE-2025-4051 Insufficient data validation in DevTools
vendor_msrc·2025-05-13·CVSS 6.3
CVE-2025-4051 [MEDIUM] Chromium: CVE-2025-4051 Insufficient data validation in DevTools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 136.0.3240.50 | 5/1/2025 | 136.0.7103.49 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the b
Microsoft
Chromium: CVE-2025-4050 Out of bounds memory access in DevTools
vendor_msrc·2025-05-13·CVSS 8.8
CVE-2025-4050 [HIGH] Chromium: CVE-2025-4050 Out of bounds memory access in DevTools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 136.0.3240.50 | 5/1/2025 | 136.0.7103.49 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the br
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2025-05-13·CVSS 6.5
CVE-2025-29825 [MEDIUM] CWE-451 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Description: User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 136.0.3240.50 | 5/1/2025 | 136.0.7103.49 |
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest S
Microsoft
Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
vendor_msrc·2025-05-13·CVSS 9.8
CVE-2025-4052 [CRITICAL] Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 136.0.3240.50 | 5/1/2025 | 136.0.7103.49 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the b
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-07