CVE-2025-67436

Published: Dic 22, 2025 Last Modified: Gen 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0010

Percentile

0,3th

Updated

EPSS Score Trend (Last 83 Days)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

Application

Pluxml by Pluxml

Product Information

Vendor Pluxml

Product Pluxml

Version 5.8.22

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:pluxml:pluxml:5.8.22:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/pluxml/PluXml

https://github.com/RajChowdhury240/CVE-2025-67435/

CVE-2025-67436

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 83 Days)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Common Consequences

Applicable Platforms

Pluxml by Pluxml

Product Information

Iscriviti alla newsletter