CVE-2025-67436 | Severity.io

Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Related CPE's

Could not find any relations

References

https://github.com/RajChowdhury240/CVE-2025-67435/

https://github.com/pluxml/PluXml

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary

CWE-77

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.5 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-12-22T22:16:08.983

9 hours ago

Last modified

2025-12-22T22:16:08.983

9 hours ago