- **Vulnerability Information**
  - **Affected Software and Versions**:
    - UNA CMS <= 14.0.0-RC4
    - Specific affected version range: all versions from 9.0.0-RC1 to 14.0.0-RC4
  - **Vulnerability Description**:
    - The vulnerability resides in the `/template/scripts/BxBaseMenuSetAclLevel.php` script.
    - Specifically, within the `BxBaseMenuSetAclLevel::getCode()` method, user input passed via the "profile_id" POST parameter is not properly sanitized before being passed to the `unserialize()` function. This allows remote, unauthenticated attackers to inject arbitrary PHP objects into the application environment, leading to various attacks, including writing and executing arbitrary PHP code.
  - **Proof of Concept (PoC)**:
    - [https://karmainsecurity.com/pocs/CVE-2025-32101.php](https://karmainsecurity.com/pocs/CVE-2025-32101.php)
  - **Solution**:
    - Upgrade to version 14.0.0-RC5 or later.
  - **Vulnerability Disclosure Timeline**:
    - [2025-03-25] - Vendor notified
    - [2025-03-29] - CVE identifier requested
    - [2025-01-04] - Version 14.0.0-RC5 released
    - [2025-04-04] - CVE identifier assigned
    - [2025-04-07] - Public disclosure
  - **CVE Reference**:
    - The Common Vulnerabilities and Exposures (CVE) program (cve.mitre.org) assigned the identifier CVE-2025-32101 to this vulnerability.
  - **Discoverer**:
    - The vulnerability was discovered by Egidio Romano.
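The bug class described above is a POST parameter reaching `unserialize()` unrestricted. The following is an added illustration, not UNA CMS code: a hypothetical handler in the vulnerable shape beside a hardened version that refuses object instantiation and validates the value as integer IDs (function names and inputs are constructed for the example).

```php
<?php
// Added example, not UNA CMS code. Function names are hypothetical.

// Vulnerable shape: attacker-controlled bytes go straight into
// unserialize(), so any loadable class can be instantiated and its
// __wakeup()/__destruct() magic methods will run.
function getProfileIdsUnsafe(array $post): array
{
    $raw = $post['profile_id'] ?? '';
    $ids = unserialize($raw);            // no type or class restriction
    return is_array($ids) ? $ids : [$ids];
}

// Hardened shape: the parameter only ever carries integer IDs, so
// objects are never acceptable and every element is validated.
function getProfileIdsSafe(array $post): array
{
    $raw = $post['profile_id'] ?? '';

    // A single numeric ID needs no deserialisation at all.
    if (is_string($raw) && ctype_digit($raw)) {
        return [(int)$raw];
    }

    // allowed_classes => false turns any serialized object into
    // __PHP_Incomplete_Class without invoking its methods; the '@'
    // silences the notice on malformed input, which we treat as empty.
    $ids = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($ids)) {
        return [];
    }

    $clean = [];
    foreach ($ids as $id) {
        if (is_int($id) || (is_string($id) && ctype_digit($id))) {
            $clean[] = (int)$id;
        }
    }
    return $clean;
}

// Constructed inputs: a legitimate ID list and a serialized object of
// a class that does not exist here.
$legit   = ['profile_id' => serialize([3, 17, 42])];
$hostile = ['profile_id' => 'O:7:"Example":0:{}'];
var_dump(getProfileIdsSafe($legit));   // int(3), int(17), int(42)
var_dump(getProfileIdsSafe($hostile)); // array(0) {}
```

In a real fix, prefer not to deserialize user input at all (send a JSON array or a comma-separated list of IDs instead); `allowed_classes` is a mitigation for code that must keep accepting the serialized format.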