CVE-2025-12346: Unrestricted Upload in MaxSite CMS
A vulnerability was detected in MaxSite CMS up to version 109. It affects unknown code in the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Manipulating the X-Requested-FileName or X-Requested-FileUpDir argument results in an unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-12346 is a vulnerability identified in MaxSite CMS up to version 109, specifically in the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php, which handles the HTTP headers that drive file uploads. The flaw arises from insufficient validation of the HTTP headers X-Requested-FileName and X-Requested-FileUpDir: an attacker who controls these values can choose the name and target directory of an uploaded file, which amounts to an unrestricted remote file upload. In practice this means an attacker can place arbitrary files, potentially including scripts or executables, on the server hosting the CMS without authentication or user interaction. The vulnerability is rated medium severity with a CVSS 4.0 score of 5.3, reflecting a network attack vector, low attack complexity, no privileges required, and no user interaction. The impact on confidentiality, integrity, and availability is limited but present, since uploaded files can lead to information disclosure, data tampering, or denial of service. The vendor has been contacted but has neither responded nor provided a patch; no active exploitation has been reported, but exploit code is publicly available, which raises the likelihood of future attacks. The vulnerability affects only version 109 of MaxSite CMS, a content management system used primarily for website management. The lack of a patch and of any vendor response means users of this CMS need to apply defensive measures immediately.
Potential Impact
For European organizations using MaxSite CMS version 109, this vulnerability poses a significant risk of unauthorized file uploads, which can lead to server compromise, data breaches, defacement, or deployment of ransomware and other malware. The ability to upload arbitrary files without authentication can allow attackers to execute remote code, escalate privileges, or establish persistent access. This undermines the confidentiality, integrity, and availability of affected systems. Organizations relying on MaxSite CMS for public-facing websites or internal portals may experience service disruption, reputational damage, and regulatory compliance issues, especially under GDPR requirements for data protection. The medium severity rating indicates a moderate but tangible threat that should not be ignored. The absence of vendor patches increases the window of exposure, making proactive mitigation critical. European entities with sensitive or critical web infrastructure using this CMS are particularly vulnerable to targeted attacks leveraging this flaw.
Mitigation Recommendations
1. Immediately restrict file upload permissions on the affected MaxSite CMS instances by disabling or limiting the functionality of the vulnerable upload component if possible.
2. Implement strict input validation and sanitization on HTTP headers, especially X-Requested-FileName and X-Requested-FileUpDir, at the web server or application firewall level to block malicious manipulation attempts.
3. Employ a Web Application Firewall (WAF) with custom rules to detect and block suspicious upload requests targeting this vulnerability.
4. Isolate vulnerable CMS installations from critical network segments to limit potential lateral movement in case of compromise.
5. Monitor server logs and network traffic for unusual file upload activity or HTTP header anomalies indicative of exploitation attempts.
6. Regularly back up website data and configurations to enable rapid recovery if an attack occurs.
7. Engage with the MaxSite CMS community or security forums to track any unofficial patches or mitigations until an official fix is released.
8. Consider migrating to alternative CMS platforms if patching or mitigation is not feasible in the short term.
9. Educate IT and security teams about this vulnerability and ensure incident response plans include scenarios involving unauthorized file uploads.
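A defender-side check for the two headers the advisory names, written as an added example that is not MaxSite CMS's own code: it models recommendation 2 (validation at the WAF or application layer) and produces the block/log findings recommendation 5 asks for. The upload root, the permitted subdirectories, the extension allow-list and the sample request set are all assumptions constructed for illustration.

```python
import posixpath
import re

# Constructed example (not MaxSite CMS code): an edge/WAF-style check for the two
# headers named in the advisory. Root, subdirectories and extensions are assumptions.
UPLOAD_ROOT = "/var/www/maxsite/uploads"          # assumed upload base directory
ALLOWED_SUBDIRS = {"images", "files"}             # assumed legitimate FileUpDir values
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp", "pdf"}

# Exactly one dot: rejects double extensions such as "x.php.jpg" outright, and
# forbids slashes, backslashes and NUL bytes by construction.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}$")


def validate_upload_headers(filename, updir):
    """Return (True, final_path) or (False, reason) for one request's headers."""
    if not filename or not updir:
        return False, "missing X-Requested-FileName or X-Requested-FileUpDir"
    if not _SAFE_NAME.fullmatch(filename):
        return False, "filename is not <name>.<ext> with safe characters"
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not in allow-list"
    # Normalise the directory and require it to be a known subdirectory; this
    # rejects "../", absolute paths and "images/../../tmp" in one step.
    rel = posixpath.normpath(updir.replace("\\", "/").strip("/"))
    if rel not in ALLOWED_SUBDIRS:
        return False, f"upload dir {updir!r} is not an allowed subdirectory"
    return True, posixpath.join(UPLOAD_ROOT, rel, filename)


def triage_requests(requests):
    """Run the check over captured header sets; return [(index, reason)] to block and log."""
    findings = []
    for i, hdrs in enumerate(requests):
        ok, why = validate_upload_headers(hdrs.get("X-Requested-FileName"),
                                          hdrs.get("X-Requested-FileUpDir"))
        if not ok:
            findings.append((i, why))
    return findings


SAMPLE_REQUESTS = [  # constructed sample, not a real capture
    {"X-Requested-FileName": "logo.png", "X-Requested-FileUpDir": "images"},
    {"X-Requested-FileName": "page.php", "X-Requested-FileUpDir": "images"},
    {"X-Requested-FileName": "pic.php.jpg", "X-Requested-FileUpDir": "images"},
    {"X-Requested-FileName": "pic.jpg", "X-Requested-FileUpDir": "../../"},
    {"X-Requested-FileName": "pic.jpg", "X-Requested-FileUpDir": "images/../../tmp"},
]
```

Only the first sample request is accepted; the other four are returned by `triage_requests` with the reason a WAF rule should log.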
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-10-27T14:13:50.975Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 690028ffba6dffc5e22648be
Added to database: 10/28/2025, 2:22:55 AM
Last enriched: 10/28/2025, 2:38:19 AM
Last updated: 10/28/2025, 4:29:53 AM