CVE-2025-25790
FoxCMS LocalTemplate Arbitrary File Upload Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An arbitrary file upload vulnerability exists in FoxCMS's LocalTemplate.php component, allowing attackers to execute arbitrary code by uploading a crafted ZIP file. This could impact the integrity and availability of affected systems.