CVE advisoryCRITICAL
CVE-2025-29287
MCMS ueditor Arbitrary File Upload leads to Code Execution
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An arbitrary file upload vulnerability exists in the ueditor component of MCMS, allowing for arbitrary code execution through the upload of crafted files. This vulnerability can be exploited by unauthenticated attackers over the network, potentially impacting system integrity and availability. This issue warrants atten