CVE-2025-12347: Unrestricted Upload in MaxSite CMS
A flaw has been found in MaxSite CMS up to version 109. It affects an unknown part of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Manipulation of the argument file_path/content leads to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond.
AI Analysis
Technical Summary
CVE-2025-12347 is a vulnerability in MaxSite CMS up to and including version 109, located in the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. The script accepts a file_path and a content parameter and, because neither is adequately validated, writes attacker-controlled content to an attacker-chosen location. Since the destination is reachable through the web server, the upload can include PHP scripts or web shells, which leads to remote code execution, data theft, or site defacement. The attack is carried out over the network. The CVSS 4.0 vector assigned by the CNA reads AV:N/AC:L/PR:L/UI:N with VC:L/VI:L/VA:L: network attack vector, low attack complexity, low privileges required (an authenticated low-privilege account, consistent with the script's location under the admin plugins directory), no user interaction, and low impact on confidentiality, integrity, and availability. The flaw is therefore not unauthenticated in the CNA's assessment, but the privilege bar is low. If a web shell can in fact be placed in a web-reachable directory, the real-world impact exceeds the Low ratings in the vector, so the score should be treated as a floor rather than a ceiling. A public exploit is available; no in-the-wild exploitation is noted here, but the published details make attacks straightforward. The vendor was notified early and has issued no patch or advisory, so affected organizations must rely on compensating controls and monitoring until an official fix is released.
Potential Impact
For European organizations, this vulnerability poses a moderate risk to websites and web applications running MaxSite CMS up to version 109. Successful exploitation can lead to unauthorized file writes and, through them, remote code execution, website defacement, data leakage, or a foothold for pivoting into the network. This can disrupt business operations, damage reputation, and lead to regulatory exposure, especially under GDPR if personal data is disclosed. Public-facing portals are the most exposed, and a compromised site can be used to stage further attacks against visitors or internal systems. The lack of a vendor patch lengthens the window of exposure. Organizations relying on MaxSite CMS for critical services or e-commerce may face operational and financial impact. The medium CVSS score reflects moderate severity, but the low attack complexity, the low privilege level required, and the availability of a public exploit raise the urgency of mitigation.
Mitigation Recommendations
1. Inventory all MaxSite CMS installations and record their versions; every deployment at or below 109 is affected until the vendor ships a fix.
2. If you maintain or can patch the code, add strict server-side validation in save-file-ajax.php: canonicalise file_path, confine it to the intended editor directory, allowlist the final extension, reject PHP and other executable or server-configuration extensions anywhere in the file name, and cap the content size. Independently of the application, configure the web server not to execute scripts from the editor's save directory.
3. Put a web application firewall rule in front of save-file-ajax.php that blocks requests whose file_path contains traversal sequences, an absolute path, or an executable extension, and log every hit.
4. Restrict access to the admin plugin path (application/maxsite/admin/) by IP allowlisting or an authenticating reverse proxy; the vector requires only a low-privileged account, so the account layer alone is a thin barrier.
5. Monitor web server logs for POST requests to save-file-ajax.php and watch for new or modified .php or .htaccess files under web-reachable directories; file-integrity monitoring covers this well.
6. Isolate vulnerable CMS hosts from internal networks to limit lateral movement if a web shell is planted.
7. Prepare an incident response plan for the realistic scenario: a web shell on a public host with access to the site database.
8. Follow the MaxSite community and security forums for a vendor release or a community-maintained patch.
9. Consider migrating to another CMS if a fix is not forthcoming.
10. Keep regular, tested backups of site data and configuration so a compromised host can be rebuilt rather than cleaned in place.
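As an added example (this is not MaxSite code and does not appear in the advisory), the following Python models the failure class described above and the validation recommended in step 2: a handler that trusts an attacker-controlled file_path and joins it under the editor directory, beside a hardened version that normalises the path, confines it to that directory, allowlists the extension, and inspects the content. The directory /var/www/site/uploads/editor, the extension lists, the size cap and the sample requests are all assumptions constructed for the demonstration; the real save-file-ajax.php is not shown on this page and is not reconstructed here.

```python
"""Added example (not MaxSite code): vulnerable vs hardened save-file path handling.

Models the failure class described for save-file-ajax.php, where an attacker
controls both file_path and content. The real handler is not shown on the page,
so vulnerable_target() is a hypothetical reconstruction of the pattern only.
"""
import os
import posixpath
from pathlib import Path

# Assumed writable editor directory; the real MaxSite layout may differ.
EDITOR_ROOT = Path("/var/www/site/uploads/editor")

# Final extensions the editor is allowed to save. Deliberately excludes html,
# svg and js, which would turn the endpoint into a stored-XSS primitive.
ALLOWED_EXTENSIONS = {"txt", "md", "css", "json"}

# Extensions a web server may hand to an interpreter or read as configuration.
# Refused in ANY position of the name, so "shell.php.txt" (executable under
# some Apache AddHandler setups), ".htaccess" and ".user.ini" (which can set
# auto_prepend_file) are all rejected.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps",
    "pht", "cgi", "pl", "py", "sh", "htaccess", "ini",
}
MAX_CONTENT_BYTES = 256 * 1024  # assumed cap for an editor-saved text asset


class RejectedPath(ValueError):
    """Raised with a reason the caller should log as an attack indicator."""


def vulnerable_target(file_path: str) -> str:
    """Vulnerable pattern: trust file_path and join it under the editor root.

    Returns where the write would actually land. "../../index.php" climbs out
    of the root, and an absolute path makes os.path.join discard the root.
    """
    return os.path.normpath(os.path.join(EDITOR_ROOT, file_path))


def safe_target(file_path: str) -> Path:
    """Hardened: normalise, confine to EDITOR_ROOT, allowlist the extension."""
    if not file_path or "\x00" in file_path:
        raise RejectedPath("empty path or NUL byte")
    normalised = file_path.replace("\\", "/")  # treat Windows separators the same
    if normalised.startswith("/"):
        raise RejectedPath("absolute path")
    rel = posixpath.normpath(normalised)  # collapses "a/./b", "a//b", "a/../b"
    if rel in (".", "..") or rel.startswith("../"):
        raise RejectedPath("path is empty or escapes editor root")
    segments = posixpath.basename(rel).lower().split(".")
    if any(seg in EXECUTABLE_EXTENSIONS for seg in segments):
        raise RejectedPath("executable or server-config extension")
    if len(segments) < 2 or segments[-1] not in ALLOWED_EXTENSIONS:
        raise RejectedPath("extension not in allowlist")
    resolved = Path(os.path.normpath(EDITOR_ROOT / rel))
    if EDITOR_ROOT not in resolved.parents:  # defence in depth after normalisation
        raise RejectedPath("path escapes editor root")
    # Caveat: this is a string check. A symlink planted inside EDITOR_ROOT could
    # still redirect the write; production code should also realpath() the
    # parent directory or open the file with O_NOFOLLOW.
    return resolved


def check_content(content: str) -> None:
    """Size cap plus a PHP open-tag check, so an allowed .txt cannot carry a
    shell that a later rename or handler misconfiguration would execute."""
    if len(content.encode("utf-8", "surrogateescape")) > MAX_CONTENT_BYTES:
        raise RejectedPath("content too large")
    lowered = content.lower()
    if "<?php" in lowered or "<?=" in lowered:
        raise RejectedPath("content contains a PHP open tag")


# Constructed sample requests (not real traffic): the (file_path, content)
# pairs an attacker or a legitimate editor user might send.
SAMPLE_REQUESTS = [
    ("notes/readme.txt", "plain notes"),
    ("../../index.php", "<?php system($_GET['c']); ?>"),
    ("shell.php", "<?php system($_GET['c']); ?>"),
    ("shell.php.txt", "<?php echo 1; ?>"),
    ("/etc/cron.d/job", "* * * * * root id"),
    (".htaccess", "AddType application/x-httpd-php .txt"),
    ("site.css", "body { color: red }"),
    ("innocent.txt", "<?php phpinfo(); ?>"),
]


def triage(requests):
    """Return (file_path, where the vulnerable code would write, hardened verdict)."""
    results = []
    for file_path, content in requests:
        where = vulnerable_target(file_path)
        try:
            safe_target(file_path)
            check_content(content)
            verdict = "accepted"
        except RejectedPath as exc:
            verdict = f"rejected: {exc}"
        results.append((file_path, where, verdict))
    return results


if __name__ == "__main__":
    for file_path, where, verdict in triage(SAMPLE_REQUESTS):
        print(f"{file_path!r:22} vulnerable -> {where:45} hardened -> {verdict}")
```

The same checks translate directly to PHP (realpath() on the parent directory, a strpos() containment test against the editor root, and pathinfo() plus an explode('.') pass over the base name for the extension rules). Note the rejection messages are returned to the caller, not the client: log them server-side and give the browser a generic error, since the reason string is useful to a defender and to an attacker probing the filter.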
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-10-27T14:13:59.258Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 690028ffba6dffc5e22648c4
Added to database: 10/28/2025, 2:22:55 AM
Last enriched: 11/4/2025, 3:13:40 AM
Last updated: 12/12/2025, 7:29:45 AM
Views: 156
Related Threats
- CVE-2025-67726: CWE-834 Excessive Iteration in tornadoweb tornado (High)
- CVE-2025-67730: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in frappe lms (Medium)
- CVE-2025-4970: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in bannersky BSK PDF Manager (Medium)
- CVE-2025-14169: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in amans2k FunnelKit – Funnel Builder for WooCommerce Checkout (High)
- CVE-2025-14049: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in e4jvikwp VikRentItems Flexible Rental Management System (Medium)