Platform: php
Component: core
Fixed in: 2024.1.115
CVE-2025-52207 is a critical remote code execution (RCE) vulnerability discovered in MikoPBX, a VoIP phone system. This flaw allows attackers to upload malicious PHP scripts to the server, potentially gaining complete control over the system. The vulnerability affects versions 0 through 2024.1.114, and a patch is available in version 2024.1.115.
The impact of this vulnerability is severe. Successful exploitation allows an attacker to execute arbitrary code on the MikoPBX server. This could lead to complete system compromise, including data theft, modification, or deletion. Attackers could also leverage the compromised server to launch further attacks against internal network resources, effectively using the VoIP system as a pivot point. Given the sensitive nature of VoIP communications (potentially containing call recordings, voicemails, and user credentials), the potential for data exfiltration is significant. The ability to execute arbitrary code also opens the door to denial-of-service attacks and the installation of persistent backdoors.
CVE-2025-52207 was publicly disclosed on 2025-06-27. While no active exploitation campaigns have been publicly confirmed as of this writing, the ease of exploitation and the critical severity of the vulnerability make it a high-priority target for attackers. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Organizations utilizing MikoPBX for their VoIP communications are at risk, particularly those running older, unpatched versions. Small and medium-sized businesses (SMBs) with limited security resources are especially vulnerable, as they may lack the expertise or time to promptly address this critical vulnerability. Shared hosting environments where multiple customers share the same server are also at increased risk, as a compromise of one customer's MikoPBX instance could potentially impact others.
• php / server (PHP files created or modified within the last 7 days, anywhere under the web root):
find /var/www/mikoPBX -name '*.php' -type f -mtime -7 -print
• php / server (PHP code present in the upload controller's directory):
grep -r "<?php" /var/www/mikoPBX/PBXCoreREST/Controllers/Files/
• generic web:
curl -I http://your-mikoPBX-server/PBXCoreREST/Controllers/Files/PostController.php | grep -i 'content-type: multipart/form-data'
Exploit status
EPSS: 5.80% (90th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade MikoPBX to version 2024.1.115 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file upload permissions within the PBXCoreREST application to prevent unauthorized uploads. Implement strict input validation on all file uploads to ensure that only allowed file types are processed. Consider using a Web Application Firewall (WAF) to block suspicious file upload attempts. Monitor system logs for unusual file activity, particularly the creation of PHP files in unexpected directories.
Update MikoPBX to a version later than 2024.1.114. This fixes the vulnerability that allowed PHP scripts to be uploaded into arbitrary directories. See commit 3ee785429d3f1b33c9ab387ef4221127c9b8c5f3 in the MikoPBX repository for details of the fix.
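The workaround above asks for strict validation of uploaded files, and the fix closes the ability to write PHP scripts into arbitrary directories. The following is an added example, not MikoPBX's own code or the content of the referenced commit, of the kind of check an upload handler should perform before writing anything to disk: the upload root, the extension allow-list, the demo inputs and the PHP 8 built-ins (str_contains, str_starts_with) are assumptions chosen for illustration.

```php
<?php
// Added example, not MikoPBX's own code: a hardened upload-path check of the
// kind the mitigation calls for. $baseDir, the allow-list and the demo inputs
// are assumptions chosen for illustration. Requires PHP 8.0 or later.
declare(strict_types=1);

final class UploadTargetException extends RuntimeException {}

// Extensions a typical web server may hand to the PHP interpreter. These are
// refused anywhere in a file name, not only as the final extension.
const SCRIPT_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps'];

/**
 * Resolve an untrusted, client-supplied relative path to an absolute path
 * that is guaranteed to lie inside $baseDir and to carry an allowed extension.
 * Throws UploadTargetException on any violation; the caller must not write
 * the file unless this function returns.
 */
function resolveUploadTarget(string $baseDir, string $relativePath, array $allowedExtensions): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new UploadTargetException('upload base directory does not exist');
    }

    // NUL bytes, backslashes and absolute paths are rejected outright.
    if (str_contains($relativePath, "\0") || str_contains($relativePath, '\\') || str_starts_with($relativePath, '/')) {
        throw new UploadTargetException('invalid characters or absolute path');
    }

    // Every path segment must be a plain name: no "", "." or "..".
    $segments = explode('/', $relativePath);
    foreach ($segments as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            throw new UploadTargetException('path traversal or empty segment');
        }
    }

    // Check every dotted part of the file name, not just the last one: some
    // server configurations execute "x.php.wav" as PHP.
    $parts = array_map('strtolower', explode('.', end($segments)));
    if (count($parts) < 2) {
        throw new UploadTargetException('file name has no extension');
    }
    foreach (array_slice($parts, 1) as $ext) {
        if (in_array($ext, SCRIPT_EXTENSIONS, true)) {
            throw new UploadTargetException("script extension '$ext' not allowed");
        }
    }
    if (!in_array(end($parts), array_map('strtolower', $allowedExtensions), true)) {
        throw new UploadTargetException('extension not in allow-list');
    }

    // The parent directory must already exist and, after symlink resolution,
    // still be $base itself or a descendant of it.
    $target = $base . '/' . implode('/', $segments);
    $parent = realpath(dirname($target));
    if ($parent === false || ($parent !== $base && !str_starts_with($parent, $base . '/'))) {
        throw new UploadTargetException('target directory is outside the upload root');
    }
    if (is_link($target)) {
        throw new UploadTargetException('target is a symbolic link');
    }
    return $parent . '/' . end($segments);
}

// Demo: a constructed upload root in the temp directory and a few inputs.
$root = sys_get_temp_dir() . '/upload-demo-' . getmypid();
mkdir($root . '/recordings', 0700, true);

$cases = [
    'recordings/greeting.wav',        // accepted
    'greeting.php',                   // script extension
    'recordings/shell.php.wav',       // double extension
    '../../outside.wav',              // traversal
    'recordings/../../../x.wav',      // traversal hidden in a deeper path
    'missing-dir/file.wav',           // parent directory does not exist
];
foreach ($cases as $case) {
    try {
        printf("ACCEPT %-30s -> %s\n", $case, resolveUploadTarget($root, $case, ['wav', 'mp3']));
    } catch (UploadTargetException $e) {
        printf("REJECT %-30s : %s\n", $case, $e->getMessage());
    }
}

rmdir($root . '/recordings');
rmdir($root);
```

The allow-list on the final extension is the primary control; the deny-list for script extensions across every dotted part is belt-and-braces for servers whose handler mapping looks at more than the last extension. Resolving the parent directory with realpath, rather than the file path itself, is what lets the check work for files that do not exist yet while still catching symlinks that point out of the upload root. The caller should combine this with is_uploaded_file() and move_uploaded_file() on the request's temporary file, and the upload root should be served with PHP execution disabled.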
CVE-2025-52207 is a critical remote code execution vulnerability in MikoPBX VoIP phone systems, allowing attackers to upload and execute PHP scripts.
You are affected if you are running MikoPBX versions 0 through 2024.1.114. Check your version and upgrade immediately.
Upgrade MikoPBX to version 2024.1.115 or later. As a temporary workaround, restrict file upload permissions and implement strict input validation.
While no active exploitation campaigns have been confirmed, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the MikoPBX website and security advisories for the latest information and updates regarding CVE-2025-52207.