CVE-2025-29287: MCMS allows arbitrary file uploads in the ueditor component

Severity: Critical

CVSS Score: 9.8

An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.