CVE-2025-15375: Deserialization in EyouCMS
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Manipulating the argument attstr leads to deserialization of untrusted data. The attack can be launched remotely. The exploit has been published and may be used. The vendor states: "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".
AI Analysis
Technical Summary
CVE-2025-15375 is a deserialization vulnerability affecting EyouCMS, a content management system, in versions 1.7.0 through 1.7.7. The flaw resides in the unserialize function within the application/api/controller/Ajax.php file, specifically in the arcpagelist handler component. The vulnerability arises from unsafe deserialization of user-controlled input passed via the 'attstr' argument. Deserialization vulnerabilities can allow attackers to manipulate serialized data to execute arbitrary code, escalate privileges, or cause denial of service. In this case, the attack vector is remote and does not require user interaction, but it does require low-level privileges (PR:L), indicating that some form of authenticated access or limited privilege is necessary to exploit. The CVSS 4.0 score is 5.3 (medium severity), reflecting moderate impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction needed. The vendor has acknowledged the vulnerability and is preparing a patch in version 1.7.8. Although no exploits are currently observed in the wild, published proof-of-concept code increases the risk of exploitation. The vulnerability's exploitation could lead to unauthorized data access, data tampering, or service disruption within affected EyouCMS deployments.
Potential Impact
For European organizations using EyouCMS, this vulnerability poses a moderate risk. Exploitation could lead to unauthorized access to sensitive content, defacement, or disruption of web services, impacting business continuity and reputation. Given EyouCMS's role in managing web content, attacks could compromise customer data or internal information. The requirement for low privileges means that attackers who have gained limited access could escalate their control, increasing the threat level. Organizations in sectors with high reliance on web presence, such as media, education, and government, could face operational and reputational damage. Additionally, the availability of proof-of-concept exploits raises the likelihood of targeted attacks. The medium severity suggests that while the threat is not critical, timely remediation is essential to prevent exploitation, especially in environments with sensitive data or regulatory compliance obligations like GDPR.
Mitigation Recommendations
1. Immediately upgrade EyouCMS installations to version 1.7.8 once released by the vendor to apply the official patch.
2. Until patching is possible, implement strict input validation and sanitization on the 'attstr' parameter to prevent malicious serialized data from being processed.
3. Restrict access to the vulnerable API endpoint (application/api/controller/Ajax.php) using network-level controls such as IP whitelisting or web application firewalls (WAF) with custom rules to detect and block suspicious deserialization payloads.
4. Monitor logs for unusual activity related to the 'attstr' parameter or the arcpagelist handler, including repeated or malformed requests.
5. Employ runtime application self-protection (RASP) or intrusion detection systems (IDS) capable of detecting deserialization attacks.
6. Review and minimize privileges for users and services interacting with the vulnerable component to reduce the attack surface.
7. Conduct security awareness training for administrators to recognize and respond to exploitation attempts.
8. Regularly audit EyouCMS configurations and update all components to the latest secure versions.
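The unsafe pattern the analysis describes, beside a hardened decoder (recommendation 2) and the log check from recommendation 4, as an added PHP example that is not EyouCMS's own code; the function names, the endpoint path and the sample log lines are constructed assumptions:

```php
<?php
// Added example, not EyouCMS's own code: the generic pattern the advisory
// describes (unserialize() on a request parameter) beside a hardened decoder,
// plus a log check for mitigation #4. Function names and paths are assumptions.
// Pattern to look for in code review: untrusted input reaches unserialize()
// directly, so any loaded class with __wakeup()/__destruct() becomes reachable.
function decodeAttrsUnsafe(string $attstr)
{
    return unserialize($attstr);
}

// Hardened decoder: allowed_classes=false turns every object into
// __PHP_Incomplete_Class (no magic methods run), max_depth bounds nesting, and
// the result is accepted only as a flat array of string keys and scalar values.
function decodeAttrsSafe(string $attstr): ?array
{
    $data = @unserialize($attstr, ['allowed_classes' => false, 'max_depth' => 4]);
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $key => $value) {
        // Objects, including __PHP_Incomplete_Class, fail is_scalar() and are rejected.
        if (!is_string($key) || !is_scalar($value)) {
            return null;
        }
    }
    return $data;
}

// Mitigation #4: flag access-log lines whose attstr value carries a serialized
// object or class marker (O:<len>:" or C:<len>:") instead of a plain array.
function flagSuspiciousAttstr(array $logLines): array
{
    $flagged = [];
    foreach ($logLines as $line) {
        if (preg_match('/[?&]attstr=([^&\s"]+)/', $line, $m)
            && preg_match('/(^|[;{])[OC]:\d+:"/', urldecode($m[1]))) {
            $flagged[] = $line;
        }
    }
    return $flagged;
}

// Constructed sample lines (endpoint path is a placeholder): a benign flat array, then a serialized stdClass object.
$sample = [
    '10.0.0.5 - - [31/Dec/2025:05:13:55 +0000] "GET /api/ajax/arcpagelist?attstr=a%3A1%3A%7Bs%3A5%3A%22limit%22%3Bi%3A10%3B%7D HTTP/1.1" 200',
    '10.0.0.9 - - [31/Dec/2025:05:14:02 +0000] "GET /api/ajax/arcpagelist?attstr=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200',
];
var_dump(decodeAttrsSafe('a:1:{s:5:"limit";i:10;}'), decodeAttrsSafe('O:8:"stdClass":0:{}'));
print_r(flagSuspiciousAttstr($sample));
```

The safe decoder returns the benign array and null for the object payload, and only the second sample line is flagged; a stricter fix is to stop accepting PHP-serialized input for this parameter altogether and use JSON.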
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-30T18:46:11.714Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6954b113db813ff03ec76317
Added to database: 12/31/2025, 5:13:55 AM
Last enriched: 12/31/2025, 5:28:50 AM
Last updated: 1/7/2026, 3:50:09 AM