Platform: php
Component: paymenter
Fixed version: 1.2.12
CVE-2025-58048 affects Paymenter, a free and open-source webshop solution for hosting platforms. This vulnerability allows authenticated users to upload arbitrary files through the ticket attachments functionality, potentially leading to complete system compromise. Versions of Paymenter prior to 1.2.11 are vulnerable, and the issue has been resolved in version 1.2.11. Immediate patching is strongly recommended.
The impact of CVE-2025-58048 is severe due to the potential for Remote Code Execution (RCE). A malicious, authenticated user can leverage this vulnerability to upload and execute arbitrary code on the server. This could involve extracting sensitive data from the Paymenter database, including customer information, order details, and potentially even payment credentials. Attackers could also read credentials stored in configuration files, gaining access to other systems or services. Furthermore, the ability to execute arbitrary system commands under the web server user context allows for complete control over the affected system, potentially leading to data breaches, denial of service, and further lateral movement within the network. The blast radius extends to any data accessible by the web server user, and the ease of exploitation makes it a high-priority concern.
CVE-2025-58048 has a critical CVSS score of 10, indicating a high probability of exploitation. Although no public Proof-of-Concept (PoC) code had been released as of the publication date (2025-08-28), the ease of exploitation and the potential for significant impact suggest that it could become a target for attackers. The vulnerability is not currently listed in KEV or EPSS, but its severity warrants close monitoring. Organizations should prioritize patching this vulnerability to prevent exploitation.
Exploit status
EPSS: 0.10% (27th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-58048 is to upgrade Paymenter to version 1.2.11 immediately. This version includes a patch (commit 87c3db4) that addresses the arbitrary file upload vulnerability. If upgrading is not immediately feasible, consider temporary workarounds. Restrict the ticket attachment upload to an allow-list of specific, safe file types. Apply strict input validation to every uploaded file so that uploaded content can never be executed. Consider using a Web Application Firewall (WAF) to filter potentially malicious file uploads. Monitor Paymenter logs for suspicious activity, such as unusual file uploads or attempts to execute commands. After upgrading to 1.2.11, verify the fix by attempting to upload a known malicious file type and confirming that the upload is blocked or handled safely.
Upgrade Paymenter to version 1.2.11 or later. If an immediate upgrade is not possible, configure Nginx to serve attachments as downloads instead of executing them, or block access to /storage/ using a WAF such as Cloudflare.
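The two web-server workarounds described above (serve attachments as downloads, or block script execution under /storage/) as an added Nginx configuration example. This is not Paymenter's shipped configuration and not code from the project; the server name, document root and PHP-FPM socket path are placeholders, and /storage/ is assumed to be the Laravel-style public/storage link that exposes uploaded attachments. The commented-out block shows the weak default ordering in which a single regex location hands every .php path to PHP-FPM; the two options below it are the corrected forms.

```nginx
# Added example, not Paymenter's own config. Placeholders: example.com,
# /var/www/paymenter, /run/php/php-fpm.sock.
server {
    listen 443 ssl;
    server_name example.com;                 # placeholder
    root /var/www/paymenter/public;          # placeholder: Laravel public dir
    index index.php;

    # WEAK ORDERING (kept only as a comment): with just this regex location,
    # any request ending in .php, including /storage/<upload>.php, is handed
    # to PHP-FPM and executed.
    #
    # location ~ \.php$ {
    #     include fastcgi_params;
    #     fastcgi_pass unix:/run/php/php-fpm.sock;
    #     fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    # }

    # Option A (first workaround): serve /storage/ as downloads only.
    # "^~" is a prefix match that stops Nginx from consulting regex
    # locations, so the \.php$ handler below never sees these paths.
    location ^~ /storage/ {
        try_files $uri =404;                          # static files only, never PHP
        types { }                                     # ignore extension-based MIME types
        default_type application/octet-stream;        # always treat as opaque bytes
        add_header Content-Disposition "attachment";  # browser downloads, does not render
        add_header X-Content-Type-Options "nosniff";  # no content sniffing into HTML/JS
    }

    # Option B (second workaround, in-server variant of the WAF block):
    # refuse script extensions under /storage/ outright. Regex locations
    # are tested in file order, so this must precede the general PHP handler.
    location ~* ^/storage/.*\.(php|phtml|phar)$ {
        return 404;
    }

    # Normal Laravel front-controller routing.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # General PHP handler, now reachable only for paths outside /storage/.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;      # placeholder socket path
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    }
}
```

Options A and B are alternatives: when A is present it wins the location match for every /storage/ path, so B is never reached; keep B only for deployments that must go on serving some /storage/ content inline. Run `nginx -t` before reloading, and remember that `add_header` inside a location replaces any headers inherited from the server level, so security headers set higher up must be repeated there. This is defence in depth while the upgrade to 1.2.11 is scheduled, not a substitute for it.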
It's a critical Remote Code Execution (RCE) vulnerability in Paymenter webshop versions before 1.2.11, allowing authenticated users to upload and execute arbitrary files.
If you are using Paymenter version 1.2.10 or earlier, you are vulnerable to this RCE flaw. Check your version immediately.
Upgrade Paymenter to version 1.2.11. This version contains the necessary patch to resolve the vulnerability. If immediate upgrade isn't possible, implement temporary workarounds like file type restrictions.
No public exploits are currently known, but the high severity and ease of exploitation suggest it could become a target. Monitor your systems closely.
Refer to the Paymenter project's official website and security advisories for the latest information and updates regarding this vulnerability.