CVE-2025-70364: PHP Code Execution in Kiamo
Plattform
php
Komponente
kiamo
Behoben in
8.4
CVE-2025-70364 describes a vulnerability in Kiamo before version 8.4, allowing authenticated administrative users to execute arbitrary PHP code on the server. While the vendor considers this a historical feature, restrictions on PHP functions were added in version 8.4 to mitigate the risk. This vulnerability requires administrative privileges to exploit.
Auswirkungen und Angriffsszenarien
An attacker with administrative access to a Kiamo installation prior to version 8.4 could exploit this vulnerability to execute arbitrary PHP code on the server. This could lead to complete system compromise, including data theft, modification, and deletion. The attacker could potentially gain control of the entire server infrastructure. While the vendor has mitigated the risk in later versions, systems running older versions remain vulnerable. This vulnerability is particularly concerning given the potential for remote code execution.
Ausnutzungskontext
CVE-2025-70364 was published on 2026-04-09. The EPSS score is pending evaluation. No public proof-of-concept exploits are currently known. Monitor Kiamo's security advisories and relevant threat intelligence feeds for updates.
Bedrohungsanalyse
Exploit-Status
EPSS
0.05% (17% Perzentil)
Betroffene Software
Zeitleiste
- Veröffentlicht
- Geändert
- EPSS aktualisiert
Mitigation und Workarounds
The primary mitigation is to upgrade Kiamo to version 8.4 or later. If upgrading is not immediately feasible, restrict administrative access to the Kiamo installation and implement strict input validation on all user-supplied data. Regularly review and audit Kiamo's configuration and security settings. Consider implementing a Web Application Firewall (WAF) to detect and block malicious requests. After upgrading, confirm the fix by attempting to execute PHP code through administrative interfaces and verifying that the restrictions are in place.
So behebenwird übersetzt…
Actualice Kiamo a la versión 8.4 o superior para mitigar la vulnerabilidad. Esta versión introduce restricciones en algunas funciones PHP, limitando la capacidad de los atacantes para ejecutar código arbitrario.
Häufig gestellte Fragen
Was ist CVE-2025-70364 in Kiamo?
It's a vulnerability in Kiamo allowing authenticated admins to execute PHP code.
Bin ich von CVE-2025-70364 in Kiamo betroffen?
If you're using Kiamo versions before 8.4, you are potentially affected.
Wie behebe ich CVE-2025-70364 in Kiamo?
Upgrade to Kiamo version 8.4 or later to resolve the vulnerability.
Wird CVE-2025-70364 aktiv ausgenutzt?
No public exploits are currently known, but it's crucial to apply the patch promptly.
Wo finde ich den offiziellen Kiamo-Hinweis für CVE-2025-70364?
Refer to Kiamo's security advisories and the NVD entry for CVE-2025-70364.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...