We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2025-67164

CVE-2025-67164

PHP

Severity: CRITICAL
CVSS: 9.9CVSS
Published: 2025-12-17
Last modified: 2026-01-02
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-78CWE-94CWE-434

Description

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.

References

https://github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67164

Summary

Description

References