
CVE-2025-12347: Unrestricted Upload in MaxSite CMS

Severity: Medium
Tags: Vulnerability, CVE-2025-12347
Published: Tue Oct 28 2025 (10/28/2025, 02:02:13 UTC)
Source: CVE Database V5
Vendor/Project: MaxSite
Product: CMS

Description

A flaw has been found in MaxSite CMS up to version 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 10/28/2025, 02:37:45 UTC

Technical Analysis

CVE-2025-12347 is a vulnerability in MaxSite CMS up to version 109, located in the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. It arises from improper handling of the file_path and content parameters, which lets an attacker upload files without restriction: crafted requests sent to the vulnerable script place arbitrary files on the server, bypassing any intended file type or size restrictions. Because the vulnerability requires neither authentication nor user interaction, any remote attacker with network access to the CMS can exploit it. The uploaded files could be web shells or other malicious scripts, enabling further compromise such as remote code execution, data theft, or defacement. The CVSS 4.0 score of 5.3 reflects medium severity: exploitation is easy (network attack vector, no user interaction), but the impact on confidentiality, integrity, and availability is rated low to limited. The vendor has not responded to the disclosure and no official patch is available, so organizations need to apply compensating controls now. No exploitation in the wild has been reported yet, but the public availability of exploit details raises the risk of imminent attacks.

Potential Impact

For European organizations, exploitation of this vulnerability could lead to unauthorized file uploads, enabling attackers to execute arbitrary code, deface websites, or establish persistent backdoors. This can compromise the confidentiality and integrity of sensitive data managed through the CMS, disrupt business operations, and damage organizational reputation. Organizations relying on MaxSite CMS for public-facing websites or internal portals are at risk of service disruption and data breaches. The medium severity suggests that while the impact may not be catastrophic, it is significant enough to warrant immediate attention, especially for entities in sectors such as government, finance, and critical infrastructure where web integrity is paramount. Additionally, the lack of vendor response and patch availability increases the risk exposure period for European entities using this CMS.

Mitigation Recommendations

1. Immediately restrict access to the vulnerable save-file-ajax.php script by implementing IP whitelisting or network-level access controls to limit exposure to trusted users only.
2. Deploy a Web Application Firewall (WAF) with custom rules to detect and block suspicious file upload attempts targeting the vulnerable parameters.
3. Monitor web server logs and CMS activity for unusual file upload patterns or unauthorized file creations, focusing on the affected script path.
4. If possible, disable or remove the vulnerable plugin or functionality until a vendor patch is released.
5. Conduct a thorough audit of existing uploaded files to identify and remove any malicious files that may have been uploaded previously.
6. Implement strict file upload validation and sanitization controls within the CMS or via reverse proxies.
7. Stay informed on vendor updates or community patches and apply them promptly once available.
8. Consider migrating to alternative CMS platforms with active security support if long-term vendor support is uncertain.
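The following is an added defender-side example, not code from MaxSite CMS or from this advisory's author. It shows two of the recommendations above in working form: strict server-side validation of a file_path/content pair before anything is written (recommendation 6), and a log check that flags requests to the affected script path from outside an IP allowlist (recommendations 1 and 3). The parameter names file_path and content and the script path come from the advisory; the base directory, the extension allowlist, the allowed source network and the access-log lines are constructed assumptions.

```python
"""Added example (not MaxSite code): upload-path validation and a log check
for requests to the affected save-file-ajax.php script.

Assumptions (not from the advisory): the uploads base directory, the allowed
file extensions, the trusted source network and the sample log lines.
"""
import ipaddress
import re
from pathlib import Path, PurePosixPath
from typing import Dict, List, Optional

# Constructed allowlist of extensions an editor "save file" endpoint may write.
ALLOWED_EXTENSIONS = {".css", ".js", ".html", ".txt"}

# Script path taken from the advisory (server-relative URL form).
AFFECTED_SCRIPT = "/application/maxsite/admin/plugins/editor_files/save-file-ajax.php"


def resolve_safe_target(base_dir: str, file_path: str) -> Optional[Path]:
    """Return the on-disk path for file_path only if it stays inside base_dir
    and carries an allowlisted extension; otherwise return None.

    Rejects NUL bytes, backslashes, absolute paths, '..' components and
    non-allowlisted extensions. Symlinks are resolved before the containment
    check, so a link pointing outside base_dir is rejected as well.
    """
    if "\x00" in file_path or "\\" in file_path:
        return None
    rel = PurePosixPath(file_path)
    if rel.is_absolute() or ".." in rel.parts or rel.name == "":
        return None
    if rel.suffix.lower() not in ALLOWED_EXTENSIONS:
        return None
    base = Path(base_dir).resolve()
    target = (base / Path(*rel.parts)).resolve()
    try:
        target.relative_to(base)  # raises ValueError if target escaped base
    except ValueError:
        return None
    return target


def save_editor_file(base_dir: str, file_path: str, content: str) -> bool:
    """Write content only when resolve_safe_target accepts file_path."""
    target = resolve_safe_target(base_dir, file_path)
    if target is None:
        return False
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return True


# Constructed access-log lines in the common "combined" format.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Oct/2025:02:10:01 +0000] "POST /application/maxsite/admin/plugins/editor_files/save-file-ajax.php HTTP/1.1" 200 57 "-" "curl/8.4.0"
198.51.100.7 - - [28/Oct/2025:02:10:09 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
192.0.2.10 - - [28/Oct/2025:02:11:30 +0000] "POST /application/maxsite/admin/plugins/editor_files/save-file-ajax.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def flag_save_file_requests(log_text: str, allowed_sources: List[str]) -> List[Dict[str, str]]:
    """Return one record per request to AFFECTED_SCRIPT whose source IP is not
    inside any of the allowed_sources networks (CIDR strings)."""
    nets = [ipaddress.ip_network(n) for n in allowed_sources]
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]
        if path != AFFECTED_SCRIPT:
            continue
        ip = ipaddress.ip_address(m.group("ip"))
        if any(ip in net for net in nets):
            continue  # trusted administrative source, per recommendation 1
        hits.append({"ip": str(ip), "ts": m.group("ts"),
                     "method": m.group("method"), "status": m.group("status")})
    return hits


if __name__ == "__main__":
    for req in flag_save_file_requests(SAMPLE_LOG, ["192.0.2.0/24"]):
        print("ALERT save-file-ajax.php request from untrusted source:", req)
    print(resolve_safe_target("uploads", "../../config.php"))   # None
    print(resolve_safe_target("uploads", "theme/style.css"))    # inside uploads/
```

Run against the constructed log, only the request from 203.0.113.5 is reported, since 192.0.2.0/24 is the assumed trusted network. The validation function is deliberately conservative: it rejects any path containing `..` rather than trying to normalise it, and it decides containment on the resolved path, which is the check that matters when symlinks are present.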


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-10-27T14:13:59.258Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 690028ffba6dffc5e22648c4

Added to database: 10/28/2025, 2:22:55 AM

Last enriched: 10/28/2025, 2:37:45 AM

Last updated: 10/28/2025, 4:29:52 AM

Views: 9
