CVE-2025-25791

An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt