GSA_kwCzR0hTQS1tNWh3LXJodnItZjQ3Y84ABKRt

Critical EPSS: 0.0008% (0.24464 Percentile) EPSS:

Permalink JSON

simogeo/filemanager arbitrary file upload vulnerability

Affected Packages	Affected Versions	Fixed Versions
packagist:simogeo/filemanager	< 2.5.0	No known fixed version
0 Dependent packages 5 Dependent repositories 71,776 Downloads total Affected Version Ranges All affected versions 1.6.0, 1.7.0, 1.8.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0

An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2025-46001
https://github.com/simogeo/Filemanager
https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46001/CVE-2025-46001.md
https://www.exploit-db.com/exploits/38895
https://github.com/advisories/GHSA-m5hw-rhvr-f47c

Identifiers

GHSA-m5hw-rhvr-f47c

CVE-2025-46001

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.0008

EPSS Percentile: 0.24464

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/simogeo/Filemanager

Date and time

Published

13 days ago

Updated

7 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories