We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2025-67436

CVE-2025-67436

PHP

Severity: MEDIUM
CVSS: 6.5CVSS
Published: 2025-12-22
Last modified: 2026-01-02
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-77

Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

References

https://github.com/RajChowdhury240/CVE-2025-67435/
https://github.com/pluxml/PluXml

Summary

Description

References