Platform: php
Component: ci4-cms-erp/ci4ms
Fixed in: 0.28.5.0, 0.28.6
CVE-2026-25510 is a critical Remote Code Execution (RCE) vulnerability in ci4-cms-erp/ci4ms. The built-in file editor does not restrict where an authenticated user with file editor permissions may create or save files, or which extensions they may use, so such a user can write a PHP file into a web-accessible directory and execute arbitrary PHP code on the server, potentially leading to complete system compromise. The vulnerability affects ci4ms versions up to and including 0.28.4.0; a patch is available in version 0.28.5.0.
The impact of CVE-2026-25510 is severe. An attacker exploiting this vulnerability gains code execution as the web server user on the affected CI4MS server, and with it the ability to read, modify, and delete any file that user can access. From there an attacker can install malware, steal sensitive data (customer information, financial records, and so on), or use the compromised server as a launchpad for further attacks against other systems on the network. Because file creation is unrestricted, exploitation is straightforward for any authenticated user with the editor permission.
CVE-2026-25510 was publicly disclosed on 2026-02-02. No public proof-of-concept (PoC) code has been widely reported at the time of writing, but the bug requires nothing beyond a normal editor request, so the barrier to exploitation is low. The vulnerability is not currently listed on CISA KEV, and its EPSS score is 0.13% (33rd percentile); despite that low score, this page rates the exploitation probability as medium because of the ease of exploitation and the potential impact.
Organizations running ci4-cms-erp/ci4ms in production, particularly with several accounts holding file editor permissions, are at significant risk. Shared hosting environments, where multiple tenants share the same server and file system, are especially exposed, because a compromised web server user reaches every tenant's files.
• php: Examine web server access logs for requests to /backend/fileeditor/createFile and /backend/fileeditor/save from authenticated users. Look for unusual file extensions (e.g., .php) being created in web-accessible directories such as /public. A file name sent in a POST body does not appear in the access log, so pair this check with the file system check below.
  grep -iE 'fileeditor/(createFile|save)' /var/log/apache2/access.log
• php: Check the file system for PHP files created in web-accessible directories (e.g., /public) since the disclosure date, with suspicious names or content.
  find /var/www/html/public -name '*.php' -newermt '2026-02-02'
• generic web: Monitor for unusual PHP process executions on the server (the bracket keeps grep from matching its own command line).
  ps aux | grep '[p]hp'
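The access-log check above, carried out over sample lines, as an added example for this advisory (it is not code from the ci4ms project). It assumes the Apache/nginx "combined" log format and that createFile passes the target file name in a query-string field called `name`; that parameter name is an assumption, and a name sent in the POST body would not be visible in the log at all. Every editor request is reported for review, while names that traverse directories or carry an executable extension, and any later request for a file the editor created, are reported as high.

```python
"""Triage access-log lines for file-editor abuse matching CVE-2026-25510.

Added example for this advisory, not code from the ci4ms project. Assumes
Apache/nginx "combined" log format and a createFile query-string field
called `name` (assumption; the real parameter name is not given here)."""

import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

EDITOR_PATHS = ("/backend/fileeditor/createFile", "/backend/fileeditor/save")
# Extensions a typical PHP handler configuration will execute.
EXECUTABLE_EXT = {".php", ".phtml", ".phar", ".php5", ".php7", ".phps"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log; the 198.51.100.23 lines model an attacker creating
# public/shell.php through the editor and then requesting it.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Feb/2026:10:12:01 +0000] "GET /backend/dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Feb/2026:10:12:09 +0000] "POST /backend/fileeditor/createFile?name=notes.txt HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.23 - - [03/Feb/2026:10:14:45 +0000] "POST /backend/fileeditor/createFile?name=..%2F..%2Fpublic%2Fshell.php HTTP/1.1" 200 298 "-" "curl/8.4.0"
198.51.100.23 - - [03/Feb/2026:10:14:46 +0000] "POST /backend/fileeditor/save HTTP/1.1" 200 120 "-" "curl/8.4.0"
198.51.100.23 - - [03/Feb/2026:10:14:50 +0000] "GET /shell.php?cmd=id HTTP/1.1" 200 64 "-" "curl/8.4.0"
"""


def triage(log_text, name_param="name"):
    """Return (severity, ip, timestamp, path, detail) tuples in log order.

    Every editor request is worth a look ("review"). A created name that
    traverses directories or has an executable extension, and any later
    request for a file the editor created, are "high"."""
    findings = []
    created = set()  # basenames seen in createFile/save requests
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        path = url.path
        if path.startswith(EDITOR_PATHS):
            # parse_qs decodes once; the extra unquote catches double encoding
            name = unquote(parse_qs(url.query).get(name_param, [""])[0])
            ext = os.path.splitext(name)[1].lower()
            severity = "high" if (".." in name or ext in EXECUTABLE_EXT) else "review"
            if name:
                created.add(os.path.basename(name))
            findings.append((severity, m["ip"], m["ts"], path, name))
        elif os.path.basename(path) in created:
            findings.append(("high", m["ip"], m["ts"], path,
                             "request for a file created via the editor"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Run it against a real log with `triage(open(path).read())`; the correlation step (a later request for a basename the editor created) is what separates a benign editor session from an installed web shell.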
Exploit status
EPSS: 0.13% (33rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-25510 is to upgrade immediately to version 0.28.5.0 or later. If upgrading is not immediately feasible, restrict file editor permissions to trusted users only. If you maintain a local patch, enforce on the file creation and save endpoints that the target path resolves inside the directory the editor is meant to manage, that it does not land in a web-served directory, and that the extension is not one the PHP handler executes. A Web Application Firewall (WAF) rule that blocks requests creating .php (and related) files in web-accessible directories adds a further layer of defense. Monitor file system activity for unexpected PHP file creations.
Update ci4ms to version 0.28.5.0 or later. This version contains a fix for the remote code execution vulnerability and prevents authenticated users with file editor permissions from executing arbitrary PHP code on the server.
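The checks a hardened createFile/save handler needs, as an added example for this advisory. It is written in Python to show the logic, is not ci4ms code, and is not the upstream 0.28.5.0 fix (ci4ms is PHP). The paths EDITOR_ROOT and WEB_ROOT are assumed placeholders: the directory the editor may write under, and the document root the web server serves. It rejects executable extensions in any position of the name (so `shell.php.txt` is refused as well, since some Apache configurations execute it), dotfiles such as `.htaccess` and `.user.ini` (which can re-map other extensions to the PHP handler), paths that escape the editor root via `..`, symlinks or an absolute name, and anything under the web root.

```python
"""Target-path validation a file-editor createFile/save handler must do.

Added example for this advisory; not ci4ms code and not the upstream fix.
EDITOR_ROOT and WEB_ROOT are assumed placeholder paths."""

import os

EDITOR_ROOT = "/srv/ci4ms"        # assumed: directory the editor may write under
WEB_ROOT = "/srv/ci4ms/public"    # assumed: document root served by the web server

# Extensions a PHP handler configuration may execute; every dot-separated
# part of the name is checked, so "shell.php.txt" is refused too.
EXECUTABLE_EXT = {".php", ".phtml", ".phar", ".php3", ".php4",
                  ".php5", ".php7", ".phps", ".pht"}
ALLOWED_EXT = {".txt", ".md", ".css", ".js", ".json", ".html", ".htm"}


def check_target(requested, editor_root=EDITOR_ROOT, web_root=WEB_ROOT):
    """Return (ok, reason, resolved_path); write only when ok is True."""
    if not requested.strip() or "\x00" in requested:
        return False, "empty name or NUL byte", None
    base = os.path.basename(requested.replace("\\", "/"))
    # .htaccess / .user.ini can re-enable PHP execution for other extensions
    if base.startswith("."):
        return False, "dotfile or server config file", None
    parts = base.lower().split(".")
    suffixes = {"." + p for p in parts[1:]}
    if suffixes & EXECUTABLE_EXT:
        return False, "executable extension", None
    if not suffixes or "." + parts[-1] not in ALLOWED_EXT:
        return False, "extension not in allowlist", None
    root = os.path.realpath(editor_root)
    # join() drops root for an absolute name and realpath() collapses ".."
    # and symlinks, so one commonpath check on the result catches every escape.
    resolved = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, resolved]) != root:
        return False, "path escapes editor root", None
    web = os.path.realpath(web_root)
    if os.path.commonpath([web, resolved]) == web:
        return False, "path inside web root", None
    return True, "ok", resolved


if __name__ == "__main__":
    for name in ("writable/notes/readme.txt", "public/shell.php",
                 "app/Views/page.php.txt", "public/notes.txt",
                 "../../etc/cron.d/job.txt", "public/.htaccess"):
        print(name, "->", check_target(name)[:2])
```

The order of the checks matters only for the reported reason; all of them must pass before the handler touches the file system, and the resolved path, not the user-supplied name, is what gets opened.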
CVE-2026-25510 is a critical Remote Code Execution vulnerability in ci4-cms-erp/ci4ms versions up to 0.28.4.0, allowing authenticated users to execute arbitrary PHP code.
You are affected if you are using ci4-cms-erp/ci4ms version 0.28.4.0 or earlier.
Upgrade to version 0.28.5.0 or later to address the vulnerability. If immediate upgrade is not possible, restrict file editor permissions and implement input validation.
While no widespread exploitation has been confirmed, the low skill required (an authenticated account with file editor permission and an ordinary editor request) makes active exploitation plausible.
Refer to the official ci4-cms-erp project's release notes or security advisories for details on the fix and further information.