CVE-2025-15373

EyouCMS function.php saveRemote server-side request forgery

A security vulnerability has been detected in EyouCMS up to 1.7.7. Impacted is the function saveRemote of the file application/function.php. Such manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

We have discovered 1,103 live websites that are affected by CVE-2025-15373.

Run a Free Instant Scan



Affected Software

Product  eyouCMS
Category Content Management System
Vulnerable Domains1,103 live websites (18% of eyouCMS install base)
Vulnerable Versions
  • from 1.7 through 1.7
  • from 1.7.1 through 1.7.1
  • from 1.7.2 through 1.7.2
  • from 1.7.3 through 1.7.3
  • from 1.7.4 through 1.7.4
  • from 1.7.5 through 1.7.5
  • from 1.7.6 through 1.7.6
  • from 1.7.7 through 1.7.7
Vulnerable Versions Count8 versions ( 31% of all versions)



Details

  • Published - Dec 31, 2025
  • Updated - Jan 2, 2026

Credits

  • pemic (VulDB User) (reporter)

Website Distribution by Country

Number of websites using CVE-2025-15373
United States123 websites


China527 websites
Hong Kong221 websites
Taiwan138 websites
Singapore46 websites
Netherlands3 websites
Japan2 websites
ZZ2 websites
Canada1 websites

Website Distribution by TLD

Number of websites using CVE-2025-15373
.com831 websites
.cn148 websites
.net50 websites
.com.cn33 websites
.org12 websites
.ca1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-15373

Top websites that are affected by CVE-2025-15373. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.com Singapore*,***
********.com United States**,***
**.link Singapore**,***
*****.com China***,***
********.com Taiwan***,***
*******.net United States***,***
******.com Hong Kong***,***
****.cn China***,***
****.cn China***,***
*****.com Hong Kong***,***
See full domain list

FAQ

A total of 1,103 websites have been identified as vulnerable to CVE-2025-15373, based on global website indexing conducted by WebTechSurvey.
The eyouCMS is affected by the CVE-2025-15373 vulnerability.
eyouCMS versions up to and including 1.7.7 are vulnerable to CVE-2025-15373.