CVE-2025-67436
Unknown Unknown - Not Provided
Authenticated RCE in PluXml CMS 5.8.22 Theme Files

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: MITRE

Description
Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67436
EUVD
EUVD-2025-204758
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pluxml pluxml 5.8.22
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Authenticated Remote Code Execution (RCE) flaw in PluXml CMS version 5.8.22. It allows an attacker who has access to the administrator panel to inject a malicious PHP webshell into a theme file, such as home.php. This means the attacker can insert harmful code into the website's theme files, which can then be executed remotely.

Impact Analysis

The vulnerability allows an attacker with administrator access to execute arbitrary PHP code on the server by injecting a malicious webshell into theme files. This can lead to full system compromise, including executing system commands, reading, modifying, or deleting sensitive files and databases, compromising confidentiality, integrity, and availability of the system, and potentially establishing persistent backdoors.

Detection Guidance

Detection involves monitoring for suspicious file uploads, especially ZIP archives uploaded via the admin panel, and checking for unexpected PHP files in theme directories such as home.php. File integrity checks on theme files can help identify unauthorized modifications. Commands to detect suspicious PHP files could include: `find /path/to/pluxml/themes/ -name '*.php' -exec grep -l '<?php' {} +` to find PHP files, and `diff` or `sha256sum` to compare current theme files against known good versions. Additionally, monitoring web server logs for unusual access patterns to theme PHP files may help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include restricting module upload access strictly to trusted administrators, monitoring upload activities for suspicious ZIP files, and performing file integrity checks to detect malicious uploads. Ensuring that only authorized personnel have admin panel access and disabling or limiting the ability to upload modules or themes can reduce risk. Regularly updating PluXml CMS to the latest secure version and reviewing uploaded files for unexpected PHP code are also recommended. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67436. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart