CVE-2025-65530
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-65530, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-12

Last updated on: 2026-07-05

Assigner: MITRE

Description

An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-12
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-12-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
cloudlinux ai-bolit to 32.7.4-1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

You can detect if your system is vulnerable by checking the installed version of the ai-bolit package. For RPM-based systems (CentOS/CloudLinux/AlmaLinux), use the command: `rpm -qa | grep ai-bolit`. For Debian-based systems (Debian/Ubuntu), use: `dpkg -l | grep ai-bolit`. If the version is prior to 32.7.4-1, your system is vulnerable. There is no specific network detection command provided, but monitoring for suspicious file scans or unexpected root file overwrites could be indicative. [1]

Executive Summary

This vulnerability is an eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before version 32.7.4. It allows attackers to execute arbitrary code by injecting malicious input into the eval function, which can lead to overwriting arbitrary files with root privileges when scanning a crafted file.

Impact Analysis

The vulnerability can allow attackers to overwrite arbitrary files as root, potentially leading to full system compromise, unauthorized data modification, or disruption of system operations.

Mitigation Strategies

The immediate step is to upgrade the ai-bolit package to version 32.7.4-1 or later using your system's package manager (yum for RPM-based systems, apt-get for Debian-based systems). If upgrading immediately is not possible, temporarily disable all types of file scans including scheduled, real-time, FTP, and ModSecurity uploads by modifying configuration settings to disable malware scanning features and scheduled scans or restrict scans to trusted users only. Automatic updates are strongly recommended as the primary defense. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65530. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart