🔐 CVE Alert

CVE-2025-14532

UNKNOWN 0.0

Remote Code Execution via Unrestricted File Upload in DobryCMS

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.

CWE CWE-434
Vendor studio fabryka
Product dobrycms
Published Mar 2, 2026
Last Updated Mar 2, 2026
Stay Ahead of the Next One

Get instant alerts for studio fabryka dobrycms

Be the first to know when new unknown vulnerabilities affecting studio fabryka dobrycms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Studio Fabryka / DobryCMS
1.0 ≤ 1.* 2.0 ≤ 2.* 5.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
cert.pl: https://cert.pl/posts/2026/03/CVE-2025-12462/

Credits

Dawid Radziński (RED SECURITY)